@MobilXperts Admin has joined the channel
Hello @jhenson, welcome to MXE (Mobility eXperts Exchange). 👋 Everyone, say hi!
Welcome to the Exchange @Jonathan Henson & @jaimin.s!
@Jonathan Henson: is working a downtime tonight so he may be offline most of the day
@jaimin.s: you don’t happen to be heading to BRIForum next week in Boston, do you?
Yeah, standing-in for a buddy of mine @ Kindred
It is - used to go all the time on school trips. Thankfully I am not prone to sea sickness. The tickets are reasonable too, $50 or less
Welcome, @clappa00. Good people of MXE (Mobility eXperts Exchange), come say hello!
Awesome - This is going to be the most useful account you’ll create all year haha
Inviting a bunch of the best ppl to join this - including @jaimin.s @Jonathan Henson and more (who haven’t hopped on yet)
Awesome, sounds good to me! Hope everything's going well @Jonathan Henson!! Haven't talked with you in a while.. Nice to meet you @jaimin.s
Yeah man.. Need to get together for lunch sometime soon!
I meant to say, if you all have someone who’s sharp and you think they would be a good asset, feel free to LMK and I’ll shoot them an invite. Think of this as a Mobility think tank 🙂
Going alphabetically through my LinkedIn pplz
Oh hi! 👋 @braddle, welcome to mXe (Mobility eXperts Exchange). How are you today?
How's everyone's Tuesday going thus far? Here's hoping you're either currently enjoying or planning on enjoying lunch soon (west coast peoples)
Anyone know if Microsoft ever added MDM support outside #Intune for their iOS/Android apps? https://rcpmag.com/articles/2015/06/19/mdm-outlook-for-ios-android.aspx
We're happy you're here, @jonboulos! Welcome to mXe (Mobility eXperts Exchange). What's new?
Hey @MobilXperts Admin! Thanks for setting up the group! Excited to connect with everyone here!
Welcome! Thanks for hopping on board. I think there's potential for a lot of great learning and networking.
@matt.proudfoot has joined the channel
Currently sitting through a XenMobile deployment seminar. Anyone happen to have it deployed in their environment?
No XenMobile here. Interested to hear of your thoughts after you get out of the seminar.
So far, it’s just a very bland offering. Zenprise purchased by Citrix, rebranded XenMobile
Interesting: “A single XenMobile Server can serve 10,000 devices” - You mean that’s it?
The way I see it, the company who can innovate solve the most mobile “problems” is going to win. Each are doing some… such as this one Citrix just presented: Secure Forms - http://docs.citrix.com/en-us/worx-mobile-apps/10/secure-forms.html
@ericwoodland uploaded a file: So I'm sitting in a XenMobile presentation with this shirt on...
#DaFuq Slack? Why U make me go sideways?
Appreciate the invite sir @MobilXperts Admin
How are things on your side of the world?
Things are well, I can't complain. Keeping busy at Ford. Not digging this whole humid and hot summer we've been getting in the Midwest though
I hear you - the Ohio Valley is a pressure cooker right now
added an integration to this channel: Skype
Congrats, Skype is now ready to use in any of your channels. Simply type /skype to start a new video call.
Bolting-on some Add-ons to Slack - My favorite part 🙂
@clappa00: did you see @matt.proudfoot joined just for you?
Thank you for the invite. This sounds pretty cool. How is everyone today?
Yeah! There aren’t really a lot of great forums for ppl to exchange thoughts/questions in realtime, so thought a Slack team might help bring that alive for us
Some super sharp ppl here - @Jonathan Henson, for starters!
So @txnshadow was a customer of mine at Texas Capital Bank - He’s got a big background in Exchange, but the same as a lot of Exchange folks… has inherited Mobility as well 🙂
I know! Don’t get me wrong ❤️ to IRC from back in the day… but it’s a little outdated
and while we’re on introductions, @jaimin.s is also a former customer of mine from MobileIron. He’s currently with Blackstone up in NY and having all kinds of fun, specifically with iOS SSO and KKDCP (Kerberos Proxy)
PS: the Giphy plugin is awesome sauce
The best way to convey your message
He’s made a couple fun discoveries, but we’ll move that conversation over to a new channel
It's kind of like spinning the roulette wheel man you don't know what you're gonna get.
Yes def a follow up discussion on kerb needs to be had under the MI channel, currently trying to get Apple to own up to their BS.
We aren't pursuing KDC or Kerberos yet, but I'd definitely still be interested in discussing more
It’s so much fun - Very useful, but a lot of moving parts
though I see SSO/SAML/IDPs being more useful long term
Seriously forgo KDC integration if possible and use MI access to Eric's point.
MI Access is only for cloud customers though correct?
Who’s the vendor for Work Place Join @jaimin.s?
MI access is available to on-prem starting at core 9.0.1
Wow, out since 2013. How have I not heard of this? Nice #WorkplaceJoin #ADFS
How WPJ works is that you get the profile on the device to get the device enrolled and then you're good to go with the user not having to login
The redirect happens from the service provider to ADFS to WPJ
Yeah, looks like it leverages Azure Active Directory Device Registration
and it checks the profile. and boom, you're in business
What type of ‘Profile’ is placed on the device?
clearly not anything specific to a platform, since it shows compatibility with iOS 6+, Android 4.0+ and Windows 8.1+
Since it integrates with Azure, AD objects and user data is now stored in Microsoft's cloud though right? That won't fly for us
On that topic - Dumb question: Can you leverage ADFS without Azure Active Directory?
Nice @jaimin.s - Identity Certificates/SAN Values FTW
It is not stored in the cloud this is all done off of our internal ADFS instance
Righteous - Even better. That’s our current approach
Gotcha - So no ADFS Proxies in place?
What I want to know is if I can push the WPJ profile to the devices w/o having user enroll
So in order for someone to add that profile to Workplace Join, they would browse to a URL on an ADFS server, enter credentials and install the subsequent profile - Right?
I can’t see why not - It would be like enrolling a device to MDM using a PIN instead of U/P
Would require some sort of API on Microsoft’s side
have yet to** rather, kerb BS keeping my cycles occupied
So.. to extend the WPJ one step further
When you access a resource on that device that’s part of your “realm/domain”, is the certificate automatically presented to the remote server/resource?
That’s what I was getting at - I don’t believe it does
Though, I can’t see why it couldn’t be equipped to do so
We approached this with for our app servers and SaaS providers
Right - So it can be used against anything ADFS/SAML-based. Still, very slick.
Yeah - I love the Edit/Delete function of Slack
@MobilXperts Admin: are you guys looking to do something similar at your place?
Potentially long term - Have to get ADFS on as a supported service moving forward
It was stood up for O365 which was decom’d, but for whatever reason we are still using it for SharePoint Online and Lync
For the time being, Kerberos is still our best bet
All I really care to see it used for is Email - We’re getting beat down on tickets of ppl losing track of their passwords, locking out, etc
Don't wanna get in to the business of using MI Email app on Android and native app on iOS? That way you can leverage kerberos for iOS and whatever the seamless solution is for Android.
Oh, God no. Screw 3rd Party. Apple Mail / Android For Work (Divide Productivity Suite)
ADFS Dependencies/Task Overview
No Workplace Join: ADFS 2012 R2 Option
Install the AD FS Role Service
Configure a Federation Server
Purchase Public Certificate for Communications certificates
Install required Certificates
Communications Certificate (Public 3rd party CA Cert)
Token-Decryption Cert (Self-Signed)
Token-Signing Cert (Self-Signed)
Deploy the Web Application Proxy
What does this buy us?
The ability to add a "Keep me Signed In" (KMSI) parameter to the ADFS forms based login page on first login.
This would be a manual user action.
This may NOT be available for Kerberos based logins (Will need to investigate).
Expected Cookie Persistence Behavior:
That devices will be able to reboot and re-connect to the site without being prompted for credentials.
If the persistent and non-persistent cookies are cleared on the device, the user will have to enter a username and password.
If the user changes their password, this will end any persisted sessions and will require the user to enter their password.
Microsoft does not consider the certificate on the device to be an appropriate challenge as it is negated should someone gain unauthorized access to the phone.
Persistence settings are not permanent. They all have an expiry date, but it is configurable.
Thanks for this @jaimin.s Storing away to Evernote 🔒
Love @spiderdice's MO: Mobile phones..so hard.
Thanks for the invite and the welcoming! 😜
Room admins A/C broke down @MobilXperts Admin def hot in hurr
Repair complete. Funny cause @thomrburg just went through the same exercise a month ago
If you know anything about me, the words @thomrburg and exercise never find themselves in the same sentence.
Hahaha. Let's just say it was an AC Evaporator Line Exercise
If anyone knows someone that might be interested in a Mobility Engineer position @ a hedge fund/private equity firm in NYC feel free to message me.
Happy Monday! Everyone have an insanely awesome weekend?
Oh, and a belated welcome to @cory_thornton05!
Is there such thing as a Happy Monday morning? 👎
There is when it involves lots of...
It was smoldering hot here - Ohio Valley is definitely becoming synonymous with “Pressure Cooker"
Not too shabby man, some house projects and the gym, usual stuff, you? @MobilXperts Admin
Good stuff @thebjohn - Finally got back from Boston on Friday at 2PM and it’s been a whirlwind since then. Rocked a wedding on Saturday evening and then had our daughter’s baptism/baptism party yesterday. #iNeedSleep #Hustlin
@ericwoodland uploaded a file: Oh, and I’ve got this little project going too...
It’s quiet this week @channel! What’s everyone getting into?
PowerShell scripts to automate admin functions using the MobileIron API.
Any specific functions you’re focusing on?
exporting admins and their respective rights into a CSV for easier processing, populating manual labels - just some functions that are time consuming in the GUI.
@jaimin.s uploaded a file: Slack for iOS Upload and commented: Kanban shenanigans for the next 3 days...
We are going through a mobile vendor review now and we are having a few companies come in to give demos.. We are having MobileIron, Airwatch, and citrix come in the next 2 weeks... My manager just brought up IBM MobileFirst and wants me to look into it.. Anyone hear anything about it?
Good times @clappa00 - Are you serious? IBM took MobileIron’s slogan and used it as the name of their product? Must Google….
Very bland informational site: http://www.ibm.com/mobilefirst/
I’m gonna spin up an EMM and call it MBI Mobile Firzt
I just started looking at that site.. I guess Forrester.com gave them a high rating..
So what happens once Mobile has become first, do they change the name of their product to MobileNow?
We’ll have to go request their docs and compare notes
@clappa00: did you look at this? https://www.gartner.com/doc/reprints?id=1-390IMNG&ct=160608&st=sb
Thanks @jaimin.s ! I haven't taken a look at that yet but plan on it
One thing to note for that report that it doesn't mention is that good and best are fully integrated
Did IBM rename MAAS360 to MobileFirst?
Yeah we actually currently have good and have looked into BES12 a bit but we have had bad experiences with Good lately and don't plan on going to bes12
Are you all just handling the research implementation internally or working with a 3rd Party to assist?
Was thinking you were doing it all internally
We have had to cancel our last 2 good upgrades because they continue to find major bugs in their releases.. We have also noticed the customer service has become bad.. Plus they are EOL Good in February 2017
Actually GD is EOL in February 2017 and then want you to move to BES12. GFE is EOL about 9 months after GD
Yeah haha.. I guess they can't EOL GFE because some government businesses still use it and they got a lot of push back.
The Good work app will still work but you will have to do MDM through bes12
My place got it for dirt cheap via Good due to a strategic partnership so kinda stuck with it.
Anyone here done an MDM migration from AirWatch to BES? lol
Ah gotcha. I think part of the problem is that they probably got rid of a lot of good support engineers and kept all the BB ones so that's part of the reason why support has been bad
I've done quite a few migrations but not Airwatch to BES
Yes - that has been the common complaint. We have thankfully been able to avoid that pain because we have a dedicated TAM and couple engineers.
We finished our migration from GFE to MobileIron last year, glad to be done with it!
Nice! We are in the middle of GFE to GD and had to stop because of a GD MDM bug, but now we probably will wait until we decide which route we go
@clappa00: do you have a product owner you work with to decide?
We are working on putting together our requirements and are going to send the vendors them to see their responses.. Starting next vendors are coming in for demos
We used AirWatch on-prem infrastructure at the last organization I worked for, and personally, thought it was superior to what I have seen with Mobile Iron today. We were also a Citrix customer, primarily for their VDI infrastructure, but we were demoed their XenMobile solution, and it seemed pretty solid. I'm not aware of any implementations and real-world use cases though
Thanks @thebjohn .. My thought is Airwatch is the leader with MI close behind.. The reason citrix got thrown in there was because one of our directors told citrix we were doing an eval and that ended up getting them included.. I have seen the citrix demo but haven't messed around with it..
Confirmed, IBM’s MobileFirst is Maas360 rebranded: http://www.ibm.com/mobilefirst/mobile-enablement.html
I saw a demo of Citrix’s XenMobile last week @clappa00, it’s pretty bland.
Yeah we will be seeing citrix in 2 weeks.. AW and MI next week
Anyone started playing with IAM/IDP providers? I’ve only dealt with OKTA and ADFS, but there are a slew of them popping up such as EmpowerID. Thoughts?
On the same boat here. Amos is looking in to OKTA and PingIdentity
I think there are a couple others, I'll see if he has a break down.
We had an awesome call with OKTA yesterday. They’re at the forefront of Gartner and for many good reasons.
Biggest win for them is Partner collaboration/integration.
@jaimin.s uploaded a file: Screen Shot 2016-08-03 at 10.31.41 AM.png and commented: This could be better though 😞
We had a similar meeting with EmpowerID earlier in the week. Those guys had a good pitch, but when asked about integration with an SAP App called Roambi (as an example), had to go back and obtain an answer.
Yeah, that’s just their base ask though. Can’t publish anything less, but I’m sure they would negotiate down with the right user counts
OKTA’s power-play on the call was using the same IAM to link-up, assign access and bounce-between 3 completely different services. Seems so elementary, but their slick interface and tight integration had us wanting more
I'll let you know what they're about
so oneLogin has the ability to do real time event passing to their service in the cloud to listen for account locks, deletes, etc....but they can't explain how exactly that mechanism works in terms of how it listens for those changes on the Active Directory Connector (ADC).
It seems like all IAM/IDPs are passing around the same sheet of solutions they integrate with.
1-hour updates (default) and on-the-fly per-user when login activity is initiated
Do they have a holistic list of Apps/Services they’ve successfully integrated with?
My guess is that they will say ‘you can use SWA, SAML or OpenID Connect’ to bind to any service that supports it. Though, a list of successful integrations would be much more appealing
~5K SAML integrated apps, and lead the industry in # of connectors
Gonna give me a sandbox account and take a peek into all the integrations they offer
Was wondering when we’d see you 🙂
Hi guys! Dustin here. Thank you Eric for the invite.
Hey @dustinclark! Glad to have you.
@dustinclark: and I worked together at MobileIron for a good while
@dustinclark: Welcome! Eric invited me as well, we connected on a SSO issue a bit back at a firm I was at.
Since everyone seems to be chatting in the general section, I figured that I would post here. Anyone looking at or has deployed MI Access? We are going down the MS path and I'm looking to see how Access can stack up to Intune for DLP controls with MS Office mobile.
Haha @onires53 happy to hop over into the #Sentry channel to further the conversation along
To the Bat Cave!.... I mean "To the #Sentry Channel!"
Haha. Turns out we don't yet have a Sentry channel. I think @jaimin.s just took care of it
Yep... I was thinking the same thing but @jaimin.s was on the ball. 😉
@jaimin.s: ,@jaimin.s he's our man, if he can't do it no one can!
Darn. Was hoping for the Cheerleader Genie
For anyone that has Airwatch, I was wondering what you think about support.. From my experiences it has been bad, but I'm not sure if it has gotten any better
@clappa00: it has been pitiful the 3 times I’ve had to call.
Anyone have recommendations for an iOS-based RDP/RDS client besides the free one from Microsoft?
It’s a piece of junk, to say the least
In my experience with my previous organization, AirWatch support was a bit pitiful. Until we spent the $$ for a dedicated engineer, which ended up helping move our cases to a higher priority. They tend to pay more attention to bigger customers who pay more sadly.
As far as RDP, I used PocketCloud in the past, and it worked, but that's all I can see. Navigating through an RDP session on an iPad into a Windows machine was a shit user experience. Citrix offers some better stuff with VDI and XenDesktop though
Thanks for the feedback @thebjohn - Totally agree about a Windows experience on an iPad - Just the nature of the beast here.
Anyone happened to have tried Jump Desktop?
https://itunes.apple.com/us/app/jump-desktop-remote-desktop/id364876095?mt=8
Morning, all! Anyone dealt with EAP-TLS (cert-based WiFi Access) Core, Cisco ISE and Android lately?
I can't confirm back end network infrastructure though
I’ve got it all set, but the Android device is not liking the publicly signed SSL cert presented by ISE. I’ve confirmed the full GoDaddy certificate chain is visible in the device
It throws the “EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate"
I have a feeling the full chain isn’t installed over there
in the WiFi - “Apply to Certificates:”, I’ve got the config providing the full GoDaddy chain
Is your wifi config applying any part of the very chain, or just utility a SCEP for the Identity Cert?
@ericwoodland uploaded a file: Pasted image at 2016-08-10, 9:07 AM
Gotcha. We don't apply any certain in the Android config, and only configure our Identity Cert to use our Android SCEP
So it’s giving both the identity of the CA and the GoDaddy Chain
SCEP is tied-in down below under Identity Certificate
It is - That config box just does not show it. #OldCore
Gotcha. We have a different config set up, utilize $USERID$ for Username, $NULL$ for pass its, EAP-TLS, and only utilize our SCEP config for Identity Cert.
So you’ve got SCEP pushing direct to the device instead of being linked inside the WiFi config?
SCEP is configured in the WiFi config as the Identity Cert
Gotcha - Are your identity certs being issued from a CA on Core or a Microsoft/3rd Party CA?
Just curious - It shouldn’t matter in terms of ISE, etc.
Well, I had it.. then went to try and recreate from scratch and lost it.
It came down to clearing-out the "Apply to Certificates:” field and sending over the GoDaddy chain/CA Identity certificates separately
It is also liking having $USERID$ in the Identity field
Kind of a general question: Anyone found a way to create “webclips” on Android/MobileIron like AirWatch does on Android?
Unless something has changed, I don't think you can create webclips on Android
Believe it or not, AirWatch has some sort of internal function to where it makes it happen
I’ll get you a visual @clappa00 🙂
They’ve found some sort of loophole to make it happen
@MobilXperts Admin: I would like to see that Android webclip as well.
I believe the term used is "Bookmark"
Okay, finally getting back around to the Android Bookmark in AirWatch - Here it is
The “Help” at the middle-right spot on the screen is what was deployed by AirWatch with a link that opens in Chrome
@ericwoodland uploaded a file: Android4-4AirWatch-Bookmark-HomeScreen.png
@ericwoodland uploaded a file: Android4-4AirWatch-Bookmark-OpenedLink.png
I really do think MobileIron could do this with a “Shortcut” pushed via the Mobile@Work Client
I'm assuming you can dictate the icon that will be used and the name?
If you look inside the settings for the client, there’s an option for it to create Shortcuts
Yes, those are both customizable as you would for a WebClip for iOS
FYI I submitted the Android Bookmark request to MobileIron’s Ideas Portal (https://help.mobileiron.com/apex/P3IdeasLandingPage?sfdc.tabName=01r80000000QDDO)
If you happen to be in there and want to vote it up, please feel free to do so 🙂
I'm in... BTW... Check for ideas from me (Jason Serino). I could use some feedback and votes as well. 😉
The interface for the ideas portal kind of stinks
No way to edit/delete once you’ve posted
True.... Added a few more in this morning. BTW.... Look at "Not Planned" idea #0636. It's 2 years old but MI says that Assemble functionality is to be integrated directly into VSP/CORE. I haven't seen that yet. Wondering if that integration was scrapped internally.
Okay! Will do. Yeah, I was really hoping they would get a lot of the Assemble bits added in.
Sorry it’s been quiet here today, we’ve got some busy folks
Prepping to finally get Kindred’s primary Core HA pair off VSP 7.5.3 tomorrow night
Sorry, we’ve now got Dustin and Ben Clark 😆
Most likely we will go cloud.. Had Airwatch on Tuesday.. Citrix next week
Yeah - MICloud or Hosted Core are good options. Especially if you like to avoid change orders/downtimes 🙂
Oh yeah - Security thru obscurity @thebjohn 🙂
Be sure to plan on 2x+ Connectors with Hosted Core since I would assume you guys have complex/multi-layered firewalls in your environment.
doesn't mean you can't ask me about getting ha pairs updated though 🙂
Kaiser just in the last weeks managed to get from 7.5.1 to 9.0.1.1 - holy cow that was fun
and maybe by the end of this year we will have HA implemented
Haha. @dustinclark. Wow! Glad to know Kindred isn't alone
Are you there directly or just consulting?
working on building a customer base for a mobile experts team - that is still a little on the hush though.
sounds like there is still quite a lot of people looking for experts to assist with projects or provide some level of guidance.
@thebjohn uploaded a file: Hooray for Friday's
anyone using the Windows Slack App and have thoughts on it?
I have not used it on Windows. @Jonathan Henson might be able to speak to it
It's pretty decent. I had to turn on hardware acceleration from settings though because the window likes to stay in place ghosted when minimizing.
otherwise though keeps you aware of whats going on?
Yep, you receive notifications from the desktop app just like you would on your phone or when signed in to the web app.
If you’re on the MI Ideas area, would you mind voting this one up? It would be uber useful in Core: https://help.mobileiron.com/customer/P3IdeasLandingPage?myideaId=38051
Question to the team: Has anyone had success with deploying an On-Demand AnyConnect VPN to Android devices? Starting with 6.x and working backwards.
It’s working fine when manually activated, just no-go with any sort of On-Demand capability.
Anyone happen to be using 1+N Whitelist configs for Supervised iOS devices?
Just had a great phone interview for a Mobile Success Engineer position at Apteligent! Hoping to get the job! 🤞😁 https://www.apteligent.com/company/careers/career/?position=owMq3fwv
I think they are actually developing an app for us right now.
Yeah, I was talking to him about his frustrations with the AppConnect SDK.. ;)
Shoo. I bet they say the same about any wrapper these days. #GoNative #NoThanksToTheWrapper
I wonder what their thoughts are, along with other AD companies, of the AppConfig Community that MobileIron and partners are trying to get off the ground. (www.appconfig.org)
AppConfig community is a beautiful thing. Like MSI transforms from Windows into Mobile platforms
I can't believe something similar didn't take off prior to now
I agree... Curious to see how well it is received and ratified through the EMM and app development companies. If it takes off, it would be a great thing.
I mean, if you look how useful AppConnect's AppConfig was with apps that supported it... take that and apply it to every app out there and it would be insanely awesome, especially for the end user. Definitely drives the need for EMM over basic ActiveSync controls, etc.
Was anyone affected by the M@W 8.0 Policy Delivery/Acknowledgement bug?
We were but weren't aware until the new release specified the fix
Wasn't a large impact, but we noticed it on a few devices
Did you guys make a change to policy with the buggy version? That could be a headache.
Likewise. Made no changes here while waiting
No changes here. Policies would technically still apply, but still show in Sent or Pending state. To the end user, they shouldn't know otherwise, more of an admin headache
Anyone noticing sluggishness within the Apple VPP service?
Purchased 100 free licenses for VMWare View on Friday. Today they just showed up in our VPP account and still aren’t populating inside our Cores.
Not sure. Ale service status shoes green across the board, including their vpp service.
I can't type. Apple service status**. That's what I get for using slack on my phone =/
LoL - Thanks @gbohnenstiehl! It’s an odd one. Usually VPP is very quick from the ‘Request’ to showing in the EMM console. For this VMWare View it’s been snail-paced
ya'll able to do new enrollments for iOS 10 on Core 8.5?
We’re doing new enrollments for iOS 10 on 7.5.3 LoL
During enrollment or post-enrollment?
Just need to shift this iOS 10 iPad DEP to an 8.5 Core
Might be because MI doesn't have the OS string for the latest beta?
Nah, it would still enroll and display as iOS
Issue with iOS 10 enrollment seems to be resolved after upgrading to 8.5.0.2 from 8.5.0.0 and a DPU update.
Anyone tried to use VPP Request -> Import to EMM today? Looks to still be behaving like I saw late last week…Apple’s end not presenting any updates
Can iMessage be removed from devices if they are supervised?
Not removed - but same difference to the user
Sweet, thanks! That's what I was thinking but wanted to make sure
Yes - To use Whitelists/Blacklists against apps.
You also have the ability to disable iMessage w/o hiding it, also on Supervised devices.
Ya - easiest course of action to take is the Messages restriction. That’s been available for a while while Hide/Show will only work on 9.3+.
@MobilXperts Admin: Are you still seeing slowness with VPP?
@thomrburg I actually made a discovery. Apparently using one VPP token across 1+N EMM servers is a no-go
so Now I get to establish 8 Admin accounts under our DEP Program
It worked for several weeks - Guessing it triggered some sort of velocity check
Generally it’s only a race issue - don’t really have a problem with it until licenses are consumed on one end or another. I’ve also seen where revoking can cause the issue to surface. But, alas, the only supported way to share a toke is between MDM & AC2 (if the vendor supports it).
Tokes with vendors… I have no clue how we ended up with 70k extra licenses!
Without using Assemble, has anyone found a combination of values/criteria to delay assignment of a Label in Core?
Anyone have any devices affected by Pegasus/Trident?
Not to our knowledge, but security here is having us bump our minimum OS version to 9.3.5 here in a few weeks to help mitigate some risk. It's going to piss off a lot of end users, but make us in Engineering very happy
BTW - The closest I’ve gotten to delaying delivery of a Label is ("common.lastconnectedat" <= "now-1m") AND "common.retired" = false
Basically, a user signs-in to Secure Sign-In (initiating a check-in), then the label applies 1 minute later
The odd part is that the label shows as having assigned in the Labels area, but doesn’t actually apply to the device.
You can set priority levels in configurations and policies, which is an option if assigned 1:1 labels
Yeah, the priorities are correct. It’s going from Default Security Policy (no lock code) to Corporate Security (4-Digit). The user-created policy has no issue trumping the default
Has the Security Policy applied? I have seen it to if the Security Policy doesn't apply first, all remaining configs and policies remain in a Pending or Sent state
Nah, it’s an issue with the Label applying first
Once the label actually applies to the device, the policy comes right down
The odd part is that the label shows as having assigned in the Labels area (increments +1 and lists the device), but the Label and associated Policy don't actually apply to the device.
Do the config and policies assigned to those labels also show applied in device details?
b/c the label assignment to the device never makes it
It’s very odd. I’ve never had a label list the device under Labels, but not actually bind to the device
I’m honestly kind of pissed that MobileIron isn’t evaluating all types of deployments, such as what i’m working on. Surely we aren’t the only customer wanting to deploy a “Shared iPad” transitioning the experience using Whitelists and different Security Policies
The main issue being that iOS Security Policies requiring entry of a new lock code and Whitelist application/removal don’t go well together.
You’ve got to delay the deployment of the Security Policy, or you get this hodge podge of “Set Lock Code/Wait until Later” pop-ups that will surely annoy a user.
Unfortunately we aren't using that scenario here, so I wouldn't be able to test. But I agree, I would be curious to see their test cases they run through, but it would be impossible to test every single deployment scenario
Yeah - I suppose it’s more like..they should look at areas of weakness on platforms and figure out how to best make up for it.
They’ve been good about doing it in terms of Help@Work, Docs@Work etc.
Anyone had issues w/ the 8.0a client creating DB entries with corrupt data in Core?
Not that I'm aware of. What kind of corrupt data?
Invalid characters when you dump device data from the API as devices.csv or devices.xml
MobileIron is near confirming that it stems from the new iOS Client
Interesting. Let me know if they confirm.
@japple: may still have a visual he can present to give you an idea of what it's doing
MobileIron Support confirmed that there is a known issue with their client v8.0.1. A managed device with this client version has a chance to send a corrupt data entry into the MobileIron database. They are working on a fix and plan to have it included in the next client release, which may be in a couple weeks.
Thanks for the heads up. I'll let our team know
Not sure if anyone has GFE still but if you do, you need to upgrade/install a hotfix.. Product advisory came out with huge iOS10 issues yesterday
That’s “Good For Enterprise” if anyone had forgotten the acronym, haha
I am glad to see we no longer have to deal with GFE
Examples have been like this...
Line Number 8137936, Column 31: <key>ÿÿ0¬q0óq8hG5</key> Line Number 6938192, Column 27: <key>Ð@öVsecuritystate</key> Line Number 6930059, Column 29: <key>àuúЧúsecuritystate</key> Line Number 8130398, Column 29: <key>àÈå?Ôsecurity_state</key>
We'll get an export and search for this item and at this point we've been retiring the device and registering the device back into core.
Well if anyone has Good Dynamics, Good released another product advisory for MDM and iOS10 issues. Looks to be issues with their NOC
Everyone watching the #AppleEvent?
Anyone else get annoyed with how often the crowd claps at everything? It's excessive lol
Haha, I thought the same thing @jaimin.s
It's a live studio audience, something California residents are inherently good at
Ahh, nice to see they included the 1/4" adapter as part of the iP7
Not that I've used a wired headset in a long time, but for those old fogies
I'm still an old fogie and haven't made the jump to wireless/Bluetooth headphones
No wireless charging still, a feature I was hoping they would add to the 7
Hehe - I use my Plantronics set across all my iOS and OS X devices now. Wires just annoy me at this point
I’d like wireless charging, but would also be happy with something similar to the MagSafe used for the Apple Watch
Fortunately, iOS 10 Betas are working well with existing versions of Core. 9/13 shouldn’t be too painful, in terms of baseline management for those who upgrade.
Anyone using Airwatch? https://support.air-watch.com/articles/100489447-Getting-Ready-for-iOS-10 - looks like their customers will need to update all AW first-party apps/app wrapping SDK before updating to iOS 10. If not, and they’re using automated Compromised Protection, customers run the risk of having devices wiped once they check-in.
Thankfully we're not wrapping but we do need to get our user base up to the client version that supports iOS 10
Sounds like the way to go is to disable compromise detection in all compliance policies.
If we get VPP in place is there any way to get the app pushed to the devices? These aren't DEP devices but they are supervised via configurator for iOS.
@jaimin.s Yep, that should work just fine. VPP device-based licensing doesn’t require DEP or supervision, only iOS 9.x. For silent install with zero user-intervention, however, supervision is required - either over the air with DEP or manually through AC2.
Anyone investigating, investing or using Mobile Threat Detection? We are looking at this technology.
Lookout, Skycure, CheckPoint, etc. On a call with Zimperium right now
I've seen the Zimperium pitch. It looks like a great product but expensive.
Anyone tried blocking Update Notifications/Badging on iOS 9.3+ Supervised devices? Looks like I could block com.apple.Preferences and maybe accomplish it.
We are currently getting DEP up and running to move forward with supervised devices
I think the toughest part of DEP is just getting it going and incorporating it into your procurement processes. The rest has been fairly smooth.
Has anyone tried using a Safari Web Content Filter (Blacklist) to prevent iOS update notifications from popping up? Requires iOS7+Supervision, but might be useful in case a device ends up on an open WiFi network where you don’t have the ability to blackhole the URLs. https://veffort.wordpress.com/2015/09/21/suppressing-ios-updates/
I presume most have seen this but thought I would share again - http://www.itbestofbreed.com/slide-shows/why-mobile-ninjas-channel-are-crucial-emm-vendors
Anyone dealing with the iOS 10 and MobileIron Tunnel VPN issues? "Known Issue: Inconsistent Per App VPN behavior in iOS 10 when using MobileIron Tunnel"
Well aren't you the lucky one. 😉 Are you not utilizing Tunnel or per app VPN?
What version of tunnel are you using? Not sure if 2.0 is out yet
Neither at the moment. We are testing Tunnel currently.
Nah. Kindred isn't using Tunnel ATM. Still an AnyConnect shop.
Anyone seen an issue after upgrading to iOS 10 with an enrolled device not being able to access Apps@Work anymore? Just ran the update on my production device for testing, and Apps@Work throws a 401 Auth Failed, requires username and password
Appears to be an issue with Core v8.5.0.0 support ability with iOS 10. If anyone is running prior to v8.5.0.2 of Core, iOS 10 isn't officially supported
Good deal. Here’s the official MI post on iOS10 BTW https://community.mobileiron.com/docs/DOC-5060
That is correct. You need CORR 8.5.0.2 or higher to be iOS 10 compliant. We updated from 8.5 just this past weekend due to this.
Yeah, we’ve blocked updates on the corporate network and are going to 9.0.1.1 this coming Friday
MI Really should rename CORE to CORR - Has kind of an Evil ring to it
How are you able to block upgrades? Apple won't ever relinquish that API
We are upgrading Prod to 9.0.1.1 in 2 weeks but until then, I guess too bad for users
We send Apple’s DNS records for iOS into a black hole: (mesu.apple.com/appldnld.apple.com)
We are going to CORR (evil edition) 9.1 in a few weeks.
We created a "work around" that is manually run based upon beta version released that applies a non compliance action to the device if not running an approved OS, once approved, the non compliance label is removed. Still pending management approval.
I came up with 2 other ideas.. which have yet to be implemented here. Both require Supervision
For devices we own (and that have iOS 9.3+Supervision), we can deploy a Web Content Filter from MobileIron/AirWatch that will deny access to http://mesa.apple.com. This will disable the device’s ability to pull/display the notification pushed from Apple when an update is made available
We were going to do 9.1, but people here prefer .x.x releases. Let the major and .x release run in the wild for a bit and let other organizations find bugs
@ericwoodland uploaded a file: Pasted image at 2016-09-13, 2:53 PM
For devices we own (and that have iOS 9.3+Supervision), we can deploy a Notifications configuration to block the ‘Update’ Badge that is displayed on the Settings app. It will not prevent the user from manually entering Settings and initiating an update, but for those who can’t stand to have an unchecked badge it will deter them from tapping into Settings and initiating the upgrade. We can then Unhide the badge when the ‘All Clear’ has been given.
Interesting. That's what organizations are doing, creating work arounds. The non-compliance action we will enforce will only be beta releases most likely, we will just accept risk for new OS and tell people if they had issues, sol
Hmm, viable option, thanks for that info.
I’ve got a visual, will send a link in a second
@thebjohn: we usually do the same but 9.1 seems to have some proposed bug fixes that with the older releases would cause issues for us.
ATM 9.1 has a bug affecting Device/User-Based VPP
We were going to go 9.1.0.0 on Friday, but were advised to stick with 9.0.1.1
We don't leverage VPP at this time. So it's not a deal breaker for us.
Ya, 9.1 has a few fixes I really wanted, one of which is system manager portal timeout when uploading large log files and unable to view progress after timeout. Oh well
So besides that little hiccup with activation for the first hour or so, how did everyone’s iOS10 updates go yesterday (if you weren’t blocking them)?
Personally, everything went fine. Any insight as to what actually caused the hiccup?
I’m not looking to shame anyone, just curious
We instruct users not to update, only 150 or so have so far
You know that scene from Airplane? Probably something like that...
Mix of both, but primary byod. Only about 60 company owned have upgraded. Our executives do whatever they want even though we tell them to hold off, you know how that goes.
You aren't going to argue with executives of Ford if they want to do something. I value my career
So what’s the primary use cases for still holding off these days? AppDev isn’t sticking to update cycles? Network integration? Just because?
Security and testing for basic exchange functionality. Security is big on documenting any potential risks and requiring approval of risk acceptance. We assume basic email flow and core communication won't break, but that isn't always the case. Remember the whole 9.2 or 9.3 version I believe that broke MDM communication?
It's becoming more of just let people update, but if shit breaks, you are s.o.l until it's deemed approved internally. Basically, user accepts the risk of something not working if they upgrade immediately
Culture, mostly. Starting to shit-list 3rd Party app vendors based on those who don’t have apps ready to go by the time the GM is made available. There’s no excuse. This is the 5th major iOS upgrade. You can’t tell me you didn’t know it was coming
Yes, I’m on AppleSeed for IT @thomrburg
I already hear people bitching about not being able to swipe to get to the lock screen keypad, that swiping now pulls up other features lol. Having to press home button is inconveniencing people
Ya, that’s exactly the reason behind ASIT @MobilXperts Admin - hopefully settling that fear by getting to work early in the release cycle. They’ll only have to make a jump early that first year they get on board, and every year thereafter it’s a yearly cycle June-June.
But, unfortunately, regression bugs are real in this world regardless of where the code comes from, so I still see the point behind holding off even when GM comes along.
And now, I've noticed Apple is doing Beta 7, 8, 9 releases before the GM. By release 8, these vendors should be pretty confident in being able to test their apps on that release, usually pretty damn close to the GM release
Ya, this release cycle was crazy - I can’t believe it went that deep.
Me either. It's a good thing though, more time to vet out bugs
Yeah, but they did a great job on it. I was on since Public Beta 4 or so and it honestly felt solid from that far back
What is the minimum OS version requirement everyone is allowing for Android devices?
Would really like 6.x so we can use AFW across the board but it would eliminate a lot of the devices our carriers are selling to the. Haines.
Ya, we are still allowing 4.0 and up for byod. We are trying to get it to at least 5.0, I need security's help to justify the plethora of vulnerabilities
Yeah - We’ve got Android as old as 2.3 still in our systems. Just not allowing anything new beyond 5.x
Interesting. I didn’t realize Noah Wasmer left MI for Apple, then headed to AirWatch.
But I guess technically he was with VMWare before, so it made sense
they are good. Sometimes hard to get stuff completed around here.
Haha - I’d be curious to compare notes there… ditto where I’m at
have a question for everyone about an issue I am having. Our MDM is AirWatch, we have both Exchange on Prem and o365. We are testing the MAM part of Intune and if I have AirWatch configured on the device and try to configure the iOS Outlook application it will start to work but then one or the other will stop working. this is just for o365 users. Any thoughts?
So you’re hitting O365 from the iOS Outlook app, which was deployed via Intune MAM? The only reason I can think of is that O365 is only allowing one concurrent connection and dropping the previous when you link-up the iOS Outlook app.
None of the MDMs or MAMs have any control over the O365 ActiveSync settings, so it’s probably on the O365 level
my theory was that even though the native email client and the outlook app give different activesync device id's they are still fighting one another because it is going to the same device.
Nah. Two different apps can access the same server simultaneously. The server differentiates the different connections based on TCP source port on the device.
@MobilXperts Admin agree. @runderwood interested in your testing. We are looking at the same setup (MobileIron and Intune for MS MAM capability). Although I need to really dive into Access and see if that will provide a lot of the same core functionality that we are looking to gain with an Intune MAM deployment.
Good luck @onires53 I would be interested in how your testing comes out. We are setting up a working session with Microsoft. I have been working with airwatch about a year now. My past company I built out the whole mobileiron environment.
https://bayton.org/2016/02/restricting-access-to-activesync/
Anyone have a recommendation for Text Blasts?
LoL - Forgot, it’s Friday. I should have been on the lookout for that
more of an emergency/mass broadcast need
You can send SMS and/or Push Notifications. Customize to Labels
so what’s new with everyone? Been a little quiet the past 4 days or so 🙂
My wife and I had our baby last Thursday, so I've been a little busy 😁
Thanks man! @MobilXperts Admin
Right on! We have two daughters. You'll have no problem being her favorite.
Any chance Christmas is coming early in the form of an iPhone 7 for anyone?
Nice! Waiting on Christmas here in form of a iP7 Plus.
Only problem with the iPhone 7 is that it is basically just an iPhone 6s with a little better camera to be honest.
I’ll be honest though, I’m not really looking for anything new hardware-wise. Just need more 3rd parties to embrace what’s already being baked in
@clappa00: I can't argue with that. Other than some "water resistant" technologies which I won't be testing, and a bit faster processor, you're correct
@MobilXperts Admin just make sure you get the wireless ear buds. We need to make bets on how long you go without losing them. 😋
Haha. I don't know why people have such butt hurt over all wireless everything. I've not plugged-up a headphone using 1/8" in years. I do agree tho, the earbuds may be tough to keep track of.
@MobilXperts Admin: I thought the exact same thing when it was announced, and people freaked over it. Bluetooth and wireless technology has been around for many years, this isn't anything new.
Nothing new but the form factor of those is not conducive to not losing them. One thing to have BT over the ear headphones and another to having two separate earbuds the size of a large peanut.
They need some sort of magsafe implementation to bring them together as one when not in use
@clappa00: Nope. Did anyone get a new car because their phone exploded? Lol
@thebjohn: hahaha. Mine didn't explode but the "fixed" one got extremely hot when charging. So I put my SIM in my work iPhone
Haha.. if my Jetta TDI wasn't already heading back to VW, I'd say lend me your Note @clappa00 so I could roast it and file an insurance claim
I wonder if Samsung will be forced to disable all of the Note 7s out there that haven't been returned. Makes sense to avoid lawsuits
True. Maybe work with carriers and disable cell service or something
I suppose they'll just put out a disclaimer that if you own one and leave it on a charger after the recall.. you better have ample House and/or Car insurance.
I got a text from AT&T a few minutes ago saying to turn in the note 7 if I have one
There's gotta be some point where they'll wash their hands and blame the rest on consumer ignorance
What version of Core and Sentries are needed for Exchange 2016?
I want to say at least Core 9.x and Sentry 8.x, but not 100%
December 7, 2015: MobileIron is currently testing the Sentry with Exchange 2016. Until testing completes, 2016 is not supported (but should work). It will downgrade to ActiveSync 14.1. ActiveSync v16 has not been added as of Sentry 8.0.1.
Haha… we’re still rocking Exchange 2007, so I guess we’ll soon be part of the unsupported realm as well, just at the other end of it.
We just migrated to 2013 from 2007 within the last year. And we got hooked up with 5gb, which means people now store an unbelievable amount of useless shit
Sheesh. There’s such a thing called SharePoint, DropBox, CIFS Shares… you know, places you can store files once and collaborate with many.
Oh we utilize SharePoint heavily as well, but apparently the thought of hyperlinking to a document rather than attaching it to an email is too much work for an end user 😒
Lol. They do have mandatory cleanups of inboxes, but it's at the user's discretion
Yeah, I do like the Retention policies.. it helps at least make them aware of how much useless stuff is crammed in there
So the WiFi issue I brought up a while back on iOS 10, it is a known bug with Apple, but doesn't affect all devices which is strange, but they can reproduce. Hoping for an OS update with a fix soon
The intermittent connectivity issue @thebjohn?
Good. At least they issued a confirmation on the issue
Anyone here work with RES for Migrations and whatnot?
Their RES ONE platform is pretty slick. Sitting through a demo now
I would be extremely interested to hear about that.. We will be going through a big migration in the coming months
I got some screenshots. I'll send them when I get back to my iPad
@ericwoodland uploaded a file: RES ONE Modules
So it doesn't appear they currently have a module for BES 5.x @clappa00, but they are rapidly kicking new ones out. I'll ask if that's on the roadmap sooner than later
We finally got rid of BES 5. Looking to get rid of Good
Oh yes, duh. I'll ping them on Good and let you know what I hear back.
Anyone leveraged Apple’s B2B program lately?
Wow, y’all must be overworked or have won the lottery 😁
over worked sounds right
We had a data center go down, and redundancy wasn't all set for a lot of systems, so we've been having some fun these past few days
You have the entire data center go down? Like loss of power, or something more extreme?
Power shut down due to an electrical fire (which is public knowledge and was announced).
Yeowch. Nothing says impromptu DR exercise like an electrical fire
Other than that, this week has been superb lol
My guess would be "move everything to the cloud "
DEP environment built out and being configured. On our way to doing supervised devices for all Corp devices moving forward. Android Corp devices being brought in. iOS 10 giving us hell, electrical fires, systems down, we are having a blast
That sounds pretty hectic!! We had a Datacenter go down about 2 months ago... Not fun at all..
Have you submitted any new feature requests? Have a couple in ourselves. All of which @Alex Mercer keeps telling me are already in MICloud
Since you're buying android corporate devices, are you looking at android for work?
Their provisioner app looks pretty cool. Uses NFC to identify a device as a corporate owned asset, thus allowing a full device wipe (versus selective for general Android for Work enrolled devices)
We are looking into it yes. Another team is handling that, and I know they have come across some issues
Gotcha. It's going to be a lot better on Core come 9.2
Yeah I really hope we can get a POC and move forward
If anyone still has BES10 the EOL is June 2017.. Just an FYI
You’re thinking of MICloud if you go MI, right @clappa00?
We are thinking hosted.. I think they said MICloud is going away right?
Okay cool sounds good thanks.. We are definitely going to go cloud which ever product we choose
Gotcha. Any chance you’ve heard the acronym CASB thrown around lately?
Think of it like a Sentry that sits in the middle of your authentication traffic for Cloud-based resources
Yes.. it’s in Beta right now. You’ll see it under the name MobileIron Access
Ahh yes I have heard of MI access.. That looks really awesome
Yes. Will be a must-have once services make their way to the cloud and use SAML (OKTA/ADFS/PingIdentity/etc) for access
Good to hear. You’ll definitely want to think about integrating that if you’ve got people using generally available apps connecting to cloud services
Another +1 for MI in terms of overall value and looking ahead
We use some Salesforce so they could be a plus for that
That’s one of their most prime examples of use
But realistically, it would be for any cloud-based resource. If a device isn’t on the Trusted list, the app is denied access. Regardless where they obtain the app from.
Then you don’t have to worry about using ACLs to restrict access from only trusted networks, etc
Technology is so freaking cool 🙂
So what’s up with @dustinclark, @matt.proudfoot and @onires53?
2 weeks from hell. No data center outages but total rework of our CORE.
Aw good Lawd @onires53! Rework in terms of labels, configs, architecture?
So what do you think happens when you use UPN as your UserID in the CORE configuration setup and then your company has to change everyone's UPN due to another Global project?
Oh we tested alright. In prod due to bad PM'ing by the other team.
If I register with my UserID as setup in our CORE (aka UPN) and then my UPN is changed.. on the next LDAP sync, the device "orphaned". We rely heavily on AD for filter labels and admin rights.
Onires@xxxx doesn't exist anymore as far as MI is concerned, according to the LDAP sync. So all my filters are removed and access is revoked.
We were able to solution around the issue and it worked but now I'm having to rework the whole filter label scheme for the US.
Sounds like a lot of us have been killed recently
Yeah. We thought we were going to have to retire and re-register about 12k devices but we put together a solution and had MI develop the script. Great partners to have. 👍
Mobile Iron just announced the GMRC for Core and Cloud 9.2.0.0 FYI. Lots of new features and fixes
Awesome @thebjohn - They had communicated 11/16 as GA so they're right on track. We'll be going 9.1.1 on 11/18 and then 9.2 1Q of 2017
Interesting read. Definitely time to get onto iOS 10. http://blog.trendmicro.com/trendlabs-security-intelligence/ios-masque-attack-spoof-apps-bypass-privacy-protection/
@thebjohn @MobilXperts Admin Is there any publicly available documentation on the CORE 9.2 release? Fixes and enhancements more specifically.
@onires53 my customer advocate is sending me a high-level list today, supposedly
They sent the GMRC release notes to current MI customers, but I am unsure if that information has been made public to non-customers as of yet
Yeah. Somehow we were excluded from that. Only been a customer for like 10 years now, LoL
Strange? Are you signed up for all the announcement emails? If so, you should have gotten. It's the same distribution list for regular support announcement emails if I'm not mistaken @MobilXperts Admin
Oh, and we just discovered an issue when we had our data center outage. After reviewing with Mobile Iron, they confirmed a bug in Reporting Database v1.6 with Core 9.x that can break the sync. Basically, engineering stated a shut down or reboot of RDB can cause this connection to Core to break, and regenerating new Tokens doesn't resolve. They confirmed there is no work around, and the fix is in development coding and scheduled for RDB v1.7, tentative Q1 2017. This halted our production reporting now, so needless to say, management isn't stoked.
RDB throws a PSQL/401/503 error, so heads up if you guys are on RDB v1.6
Interesting @thebjohn. We have RDB, but don’t actively use it for much
Most pulls are done directly from Core nightly
Ya we have a front-end built in-house that pulls from RDB nightly with some pre-configured reporting we have on our end. Just thought I would give you guys a heads up if you are on-prem and running RDB 1.6
We didn't get it either. I'll have to track it down.
Nice! That’s inspiring @thebjohn - Neat to hear of ways in which things are being used
Wow, Core 9.2 is chock full of goodies @onires53 @thebjohn - Customer Advocate got the list of features over to us last night.
Who do you have the pleasure of being assigned to @onires53?
We've got Rob Thorpe. He's been solid since we were shifted to him
We have Sarah Garcia. We just started with her about 3 months ago. So far so good. Very responsive and gets things done.
Anyone here gone to Google's G Suite?
We're prepping for an evaluation. Discovered that Core does not carry over the Google Account config from Configurator
Nah. The G Suite (aka Google Apps for Business)
So if you want an iOS device to configure its Mail client (and other things), you need a Google Account configuration (like you'd setup manually if you added a new account -> Google in Settings
I created one by hand in Configurator and imported as an iOS Configuration to Core. Works great. Just need a wizard in Core so we can deploy to the masses using $EMAIL$ and other dynamic values
Does anyone have AirWatch set up with DEP (Apple Enrollment Program) and having major issues?
@runderwood While we have an instance of AW, we only have DEP configured in MobileIron (since that’s where we are migrating everyone to)
we are having weird issues. If a user has a non dep device and gets a dep device, then restores from an icloud backup the dep device freezes. Also having issues if someone enrolled the device using DEP, then unenrolls and re enrolls as a non dep device it causes issue when updating the OS and if that user does not unenroll and just resets the device the next user will walk through the DEP enrollment and the device will configure as the previous user. sorry I know it is confusing. I wish I knew if AirWatch is taking this seriously. Frustrating.
Sorry to hear about all the issues but this is good info for me.. We are doing an eval currently to switch to another EMM.. And DEP is a big decision factor for us.
Interesting @runderwood. DEP is based on device Serial #, so a Non-DEP device shouldn’t be able to affect a DEP device; regardless of a backed-up/restored state.
The second bit about Enrolling/Re-Enrolling and the system not following along… definitely sounds like an issue with the AW product, not the underlying DEP assignment, etc.
What I think is happening is that there is an existing AW cert on the device and instead of AW writing over it it gets hung and freezes.
@ericwoodland uploaded a file: Shit Shelter is fully built and ready to go.
@runderwood - When you say AW Cert - Are you talking about the MDM cert or something more specific to AirWatch itself?
I just realized the need for feature request in Slack. Where you can go and move previously posted messages to certain channels where they’re more appropriate
@runderwood Are you using authenticated DEP Enrollment? Based on what you’re describing, I think this is going to be the expected behavior in AW regardless of it being enrolled via DEP or not any time the previous enrollment record is hanging around...but perhaps authenticated enrollment could help with that.
BTW - Not sure if everyone has seen it yet, but we’ve made the MDM Protocol Reference publicly available now (no paid Dev subscription required) - https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/1-Introduction/Introduction.html
@MobilXperts Admin . yes either the mdm cert or the AirWatch device Root Cert. the certs are backed up during an icloud backup but not during an iTunes backup.
Right, @runderwood. But you’re talking about a backup/restore of one device having negative effects on another device that isn’t even part of the backup/restore process?
We have had issues with backup/restores as well.. But not with DEP.. We are having issues where Good Dynamics allows the device to register without enrolling them into MDM because the console thinks it already has it on here from the previous device it was restored from
@MobilXperts Admin This is an icloud backup of a device that is not in the DEP and enrolled in AirWatch then restoring to a DEP device via icloud backup. It is confusing.
Oh Lord. I can't believe Apple wouldn't stop that in its tracks before it even began
@runderwood Did you figure this one out yet? Was this iOS 9 or 10?
Enterprise Mobility may be becoming a thing of the past
Can't wait til Christmas to wrap everything up.
Morning, everyone. Here’s hoping you had a great weekend!
Anyone happen to have an iOS Managed App Config template for Cisco Jabber?
Realistically, they should be publishing them to http://www.appconfig.org but it hasn’t happened yet
Happy New Year, all. How’s everyone been?
Nice! Missing everyone @dustinclark. it's like everyone forgot how to use Slack during the Holiday season
I hear you. The MacOS and iOS/WatchOS apps keep me looped in perfectly
Happy Friday afternoon! Anyone successfully setup MobileIron On Premise with a standalone Sentry to connect to MS O365 multi-tenant environment..... and pass ActiveSync traffic successfully? Having issues and trying to get MI on a call.
Why not do Office 365 with MI access as the CASB? That way each tenant can pass SAML auth to Access for auth and then access O365 directly?
Then you don't have to worry about the Email Sentry getting tripped up.
Hmmmmm but will this still allow for blocking of ActiveSync based on our current security policies? Or is this more of a conditional access solution. Maybe one in the same...
Access is a Sentry (SAML Proxy) that checks with Core (just like the email proxy) to make sure the device accessing the cloud service is managed.
If yes, it allows the authentication traffic to pass. If no, it denies.
Just takes the on premise email proxy part out of the mix, because it's not really necessary with a CASB in place.
I see what you are saying. Have you worked with Access before? I've only read information but haven't played with it.
@ericwoodland uploaded a file: Image uploaded from iOS
Working to implement it at Kindred. Have it mapped out in my head. @jaimin.s has hands on.
I've seen this deck. Talk with MI now. I think we'll have to use Access. Taking a look to see if that is the only option. @jaimin.s If you have any insight into Access it would be greatly appreciated
Yeah. It makes sense for cloud based solutions going forward. O365 can be your catalyst :)
We are a dedicated O365 Exchange environment right now. This is for another group and it's on a tight deadline so it is trial by fire.
The good thing is you've already got a Sentry up that can run the Access service. Just need to update your SAML proxy records in O365 to send clients to Access to test.
But Access requires another dedicated box to run on.... no?
They say it can run alongside Email and/or a Tunnel Sentry
I'll check the docs but that's how I recall it being presented
Only thing it can't run alongside is Kerberos Proxy. That has to be a totally dedicated Sentry
That was what I believe to be the case as well but we are being told differently but the Support Tech is just getting his hands dirty on the platform so he might be mistaken.
I'll start parsing the documentation as well. I told my AVP that Access is going to have to be implemented in our environment soon. Just didn't think it was this soon. 😉
Haha. Better to get it in now instead of trying to come back around later. Looking forward to comparing results!
Good for BES -> BB UEM Good Work -> BB Work
Any users reporting broken apps after updating?
I’m not, but know someone who is 😉
They only changed some assets - within the apps the legacy names are still referenced
I have heard of 2 or 3 reports of app issues after Good work to BB work upgrade
We are using good dynamics still tho. Not on UEM
Any chance those users are getting prompted for access key?
Yes I think we had 2 reports of that and the other was email missing in the BB work app
LoL - That’s one I haven’t heard anyone use in quite some time @jaimin.s
Brief Departure: Please, please, please tell me you’ve heard the Eminem song that goes along with it?
@jaimin.s: are you seeing a bunch of issues with the new BB work upgrade or just a few reports of prompt for access key?
Seeing a few issues but 10 tickets already on just access key prompt after upgrade
@MobilXperts Admin: ohhh you know I do lol
I knew you were cool @jaimin.s, LoL
So, we need to re-invigorate this Slack Team!
I considered just going to LinkedIn and inviting anyone to join, but I think it would be better if existing members invited those they feel would be a good fit
Come to MobileIron LIVE, you know you want to! https://live.mobileironevents.com/MobileIron_MobFirst_Tell_A_Friend?cId=MDAzMEIwMDAwMXp3dmRhUUFB
What are you looking to get out of it @thebjohn?
Just kidding. Honestly, just more conversation with MI developers and roadmap items, as well as discuss implementations with other MI customers
I hear you! I’m trying to just broaden my focus overall. MI is great, but I need to ensure I’ve got a holistic approach to all offerings in terms of management, platform functionality, 3rd party bolt-ons, etc
Anyone interested in an on-site Mobility Architect gig in Las Vegas?
Haha. Oh come on, new baby... new gig... the wife shouldn't mind at all!
Moving back to a desert is not an option! Lol. I'm over it.
Haha. Where did you hail from before? You're in Detroit now?
I'm from Phoenix. I relocated to Michigan about 2.5 years ago.
Ahh, okay. Then yeah, I can totally understand how you have no desire to head back that way.
Anyone headed to MobileIron Live aka MIL?
*Thread Reply:* @thebjohn are you heading out for the training and whatnot or just the main conference?
*Thread Reply:* Was not aware of additional training? I'll be there for the main conference. Flying in Monday afternoon, leaving Friday morning
*Thread Reply:* They typically do training on day 1-2 and then conference 3-5? It may have changed this year tho
*Thread Reply:* Got an email from Ojas about some of it last night.
*Thread Reply:* I got an email on the Mobile Iron Diagnostic Service from Ojas, but not training that I recall
*Thread Reply:* Perhaps they cut it out altogether this year.
*Thread Reply:* It was a pretty big production to put on
*Thread Reply:* And honestly there are enough opportunities to put things together in your mind. Sometimes training amongst peers in a short timeframe can be more frustrating than it's worth.
*Thread Reply:* No doubt. I learn a lot just from networking with people at the conference as well, that's a big part of it
*Thread Reply:* Right! And I think we are at a point now where it's tough to emulate a lot of what we have going on inside training. Better just to ask questions and apply the answers to what you know about your environment.
*Thread Reply:* I agree. Every environment is different, so it would be difficult to cover everyone's use case in a couple day training.
*Thread Reply:* I think those Birds of a Feather style conversations would be useful. Heck, even a public Slack team for people to join and do Q and A would be awesome.
*Thread Reply:* Where are you based out of again?
*Thread Reply:* Not to mention you could have people post links to manuals, screen shots, etc
Who is at the MI conference? How is it so far? Keep the rest of us updated on what you are learning and seeing out there.
Hey @onires53! So far, we’ve got @matt.proudfoot, @jereme, @japple, @thebjohn, @Clark (he’s MI PS now), @braddle and MacBenTosh (Ben Bergthold)
Sounds like a good crowd! Jereme is giving me some updates but it would be nice to hear what others are hearing, experiencing and learning out there. http://www.reactiongifs.com/r/l0fb.gif
Yeah! Excellent turnout. We really need to light this team back up! We’ll get it going right as you east-coasters are heading to lunch, haha
@ericwoodland uploaded a file: Image uploaded from iOS and commented: Oh, and for the rest of the @channel:
Aw yeah! Everyone drum up your best questions and go see @Alex Mercer
hahaha yeah. I’ll be here. 🙂 Mostly Cloud side stuff but I can be somewhat useful depending on subject matter for core, and migration stuff.
Everyone, @macbentosh is the man when it comes to Mobility, Roombas and Dogs. Ask him anything!
Can I synch my mobile, roomba, and dog to the cloud?
I believe that'd be an area MI should be looking to invest in
That's this afternoon AFAIK. I should prolly start a channel for the conference. JaM
@MobilXperts Admin Good idea about the conf channel.
What is the channel name? I don't see it listed yet.
Not that I’m aware of ATM - At least, not that I’ve heard of from our Sec team
We just pulled all cloud storage access from approved users..
Nothing says welcome back from a conference like a Cyber Attack
Ouch. I haven't heard if it's affected us yet, but considering we have basically no cloud presence, I assume chances are minimal
Likewise here. We have very limited amounts of cloud based services.
Morning, Mobility Exchange! Here’s hoping no one is having to deal with WannaCry
Anyone here using Aruba ClearPass w/ Identity Certs?!
Curious if we have anyone using MICloud’s built-in CA to handle WiFi Auth w/ identity certificates
I spoke of it last week @ mLive17, just wanted to put a visual alongside what I’m asking for
FYI - iOS 10.3.2 (14F89/14F90/14F91), macOS 10.12.5 (16F73), and tvOS 10.2.1 (14W585a) have been publicly released.
How are the iOS 10.3.2 updates being received?
Haven't heard any kicking or screaming yet
We just bumped our minimum allowed to iOS 9.3.5 lol, a year in progress. People are complaining about that though, which isn't surprising, but hilarious.
We had it certified up to the Beta 5 (Management/Email). Just waiting to hear from our AppDevs with any issues they encounter.
Very nice. We’re 2x back from whatever is mainstream, which needs to change
It's difficult for large, global enterprises to move, because of device costs and capabilities in other countries
You all have any Caching servers configured by chance? We really need those at our sites, but don’t have the $. It would help our effort immensely
I run it at mi casa and it has improved upgrade speeds by vast amounts
Do you have that many devices to where it is worthwhile doing?
There’s this little component called CacheWarmer that will pre-load the Caching Server with all the required updates, before the devices come calling
Kindred does. We run on a lot of sites w. poor connectivity
We just have to convince @thomrburg and the homies at the Fruit Co to hook us up with a couple, haha
Start rolling in the cost into each iPad. They just got $100 cheaper!
@thomrburg the company that built CacheWarmer is for sale. Fruit Co should acquire it
CacheWarmer...now that's a name I haven't heard in a very long time...
J/k. Worked great 'til the guy stopped supporting it for whatever reason.
It’s still working great over here. Looks like he’s just looking to sell the company and move on to other pastures
I concur on rolling the cost of the Mac Mini/Caching component into the cost of the iOS device. However, you know first hand the mindset around these parts…
Haha - I have to give #LinkedIn credit. I hate the fact that they’ve turned into Facebook Professional
Do they really think anyone finds that feature useful? Like anyone has time to go around wishing all their contacts Happy Birthday
Apparently so. I had recruiter connections congratulate me, kinda odd
There are scripts for FB to do it. If I were running a business I'd prolly do it too :)
I do wonder if that’s an included feature when you upgrade to the paid version
Kind of like a Constant Contact plug-in
Attempting to configure an AppleTv via configurator and MI, running into some issues
Ah, fun! That’s a road I have yet to travel down. Curious to hear how it’s going
did it with jamf a while ago…worked fine after a few tries
They do offer them through DEP yes, but the one I'm testing with was just a normal off-the-shelf Best Buy purchase
just buying from best buy would infuriate me
Assuming you still had to go through creating a Blueprint in Configurator first with WiFi, MDM profile, etc?
Actually, Best Buy can now bind device purchases to DEP so it's really about who has the best price
We were in the same boat. Business would go buy from BB and we'd gently remind them that "Off the shelf" didn't qualify for DEP. However, they're now on board with DEP so they can buy from BB if they have a deal to be found.
Zero-Touch Deployment with AppleTV is a thing of beauty if you guys haven't had a chance to see it first-hand yet.
I've got 4 of them in our casa now. Suppose I should pop one off and step through it
I'd definitely be interested in seeing the setup to do so
We have MI on site in June to discuss a few things, AppleTV being one of them
Officially with 9.4 from what I've heard
But it will be basic, enrollment, wifi Config, view device info
Not sure what DEP/Supervised will enable. Still has to be done via Apple Configurator
Cool - just as simple as assigning in DEP then. It's all OTA now, Apple Configurator 2 not required.
That's assuming Core provides the capabilities to make configurations and enrollment in a DEP environment with 9.4.
Another cool feature is Enterprise App deployment is now supported, along with Single App Mode. Think digital signage, custom conference room banners, etc.
Well, wouldn’t there be VPP for Apple TV long term though?
Capability I'm looking for in 9.4 is the ability to configure lockdown to screen per pin code. Because we will have a lot in relatively close proximity
So that someone doesn't AirPlay to an AppleTv in a room next door kind of situation
Doesn’t the ATV generate a random code for AirPlay when it completes config?
I think, if I understand that correctly, you're looking for the passcode option enabled in the AirPlay settings, no?
Correct, configurable via MI as a configuration that would pull down with registration
I think you might like what you see with Zero-Touch deployment then. On-screen passcode is the default out of the box behavior now.
Essentially a non-technical way of geofencing an AppleTv to a specific location to allow users physically seeing the screen to know the code to AirPlay to that screen
Anyone in the team actively piloting or have AFW/Enterprise Deployed?
Finding that native apps (such as pre-loaded games, etc) are automatically entering themselves into a badged (containerized) state as part of enrollment.
It apparently stems from the ‘System Apps’ provision in this article… but surely there has to be a mechanism to prevent it: https://developers.google.com/android/work/distribute
Because protecting Mobile Strike data is obviously vital for any Enterprise
Have a great Holiday weekend, @channel!
Clapping gets to be excessive.
Presenter: I pooped today. Crowd: Roaring applause.
They definitely went through TvOS pretty damn quick
Yeah - I’m watching with it on silent, as I’m sitting through re-new Employee Orientation haha
Any favorites thus far from the WWDC Keynote?
It might make sense as an alternative to buying the actual Pro
I was a little disappointed in the brief coverage of Apple TV, but I am happy they are finally getting Amazon Prime on there
Yeah - ATV is our box top unit here. Integrating Plex w/ HomeRunHD to further the experience. So long, Tablo
Amazon Prime would be nice as well
also @MobilXperts Admin waiting to get my HDHR for plex tv
Anyone have experience configuring SAP’s Fiori Client in Android Enterprise aka Android For Work? Their “support” site is an utter joke.
Anyone running the iOS 11 Beta 1?
I’ll hop on the first Public Beta, but not going to install beta XCode and Reload an entire device to see it
Just curious if they made any provision for a formal Office 365 account in Mail that will support HTML/SAML auth (similar to the current GMail facet)
Anyone ever had to change a System config via Admin Portal? Apparently they cannot be edited, and was curious if there was a way around that. We want to change from SHA1 to SHA256 on the AppStore SCEP config
System Config via Admin Portal - You mean in the CLI?
System - iOS Enterprise AppStore SCEP config under configurations
I’ve not inquired into tweaking the built-in System configs, but I’m sure Support could tweak them in DevShell if you wanted to go to SHA256
By default on new builds, they are set to 256
@thebjohn you get anything out of Support re: SHA256?
Anyone looking to use the new MacOS management enhancements within MI Core/Cloud? https://www.youtube.com/watch?v=TvsCDdd_VrI
Anxious to give DEP/App Deployment a test
That is on my radar for assessment this year
Let's hope it's better than their Apple TV management capabilities 😁
It appears to be pretty comprehensive. More like a v2. Not quite Casper Suite, but a nice add-on to what you're already paying for.
By the way, SHA256 is being looked at by their support, he initially said it can't be changed lol
If you ever have to work with Bill Holoye at MI, I wish you the best of luck
So you have a single device space for all iOS? What Core version are you running? We are on 9.1 and we can't edit device spaces. I believe in 9.4 they made it possible to edit device space criteria.
Do you have specific configs, policies per device space?
we have epic devices that I want to get auto configs
They do have exclusions, you just can't exclude off of other filters. Not sure if you can use the "!=" exclusions in filters for device spaces.
if i create new spaces then delete the ios only one and nothing relies on spaces now what issues might i expect?
We use spaces mainly to divide the devices for local support management. We don't create policies or configs inside each device space. Those are left within the global space. Creating and deleting spaces for device management and not policy or configs is not a problem. It just means that the admins of that space can't log on to the space until it is recreated and they are given permissions.
I would definitely test it out but if you create the necessary spaces with the policies and configs assigned as needed, you should be able to delete your single device space without issue. The devices will still be "captured" in the newly created spaces with their required configs and policies. Just remember to give admin access to those spaces for the local support teams.
Just use filter labels in the global space? Or is this a multiple customer environment?
Wow, I missed a hella conversation yesterday haha
So, I'm now curious about the Policies Per Space. Gonna have to do some playing around and see how it pans out. This could finally turn Core into a multi org/tenant machine.
the reason for the space is you can do app policies per space. What I would like to do is when my rover account sets up a device that space config says install epic rover too. Not letting everyone get it when they enroll. @onires53
"common.platform" = "iOS" AND "user.displayname" != "svcroverwifi" OR "user.displayname" != "svcrovertrans"
I wonder if a space can be defined by an Apple DEP Profile. For a lot of folks, that would be kick@ss
A space CAN be assigned for a DEP device or DEP Enrolled, based on what I am seeing in 9.4.
Ben, to expose my ignorance, what do you mean by your rover account? Jason and I were trying to figure that out. Is that something unique to your environment?
Morning, all! Here’s hoping you all had an enjoyable 4th Weekend.
Yeah, there’s no way to make that an enjoyable experience for a 9 MO
Our 1 year-old did pretty well with them. We didn’t expose her for a prolonged period, but for the couple minutes she saw mortars going she hung in there
I almost had to fight a lady setting them off near our hotel room we were staying at, good times
haha. I asked the GM not to call the law on folks shooting off fireworks next to our hotel. It's freedom day and it comes but once per year.
True, I completely get it, but right next to hotel rooms is super frustrating when you have a little one. I’m an old grumpy man now
Last night I was fine with, but the leading Fri/Sat/Sun/Mon nights were a bit much.
🙂 My kids were young once so I understand completely.
We camped-out with the kids Monday night for the first time and someone had the audacity to fire a mortar off at 4AM
Violet woke up and was like, Dad, can we go watch the fireworks?
Reacted much better than I thought she would
alright all what is your procedure for when an employee gets let go?
how can I remove all company data off the device but maintain the ability to wipe or lock
reason we had an employee get let go and someone retired the device and then the emp. refused to return the device and they wanted to wipe the device. I would love to have like a manual quarantine
Good morning everyone, hope you had a good weekend. My wife has started a Virtual Administrative Services business, and we are working on marketing her right now to gain more clients. Any help with reaching out to people you may know looking for any help in this space, we would be glad to touch base with and help. You can find our info here: https://nakandcompany.com.
This was my first time “building” a site FYI, leveraged Squarespace and built off a template, pretty user friendly. Any feedback is also greatly appreciated.
*Thread Reply:* thebjohn: Very nicely done! Love the clean layout. Is it responsive? Testing from my phone now
*Thread Reply:* Looks good on phone as well. I can see this being a very popular service with startups
*Thread Reply:* Have all the back-end covered, but need someone to handle the administrative tasks. Virtual is an even bigger bonus
*Thread Reply:* Thanks for the feedback. It is optimized to run on mobile, has seemed very responsive in the different platforms and form factors I have tested on
*Thread Reply:* This can definitely suit everything from startups and small businesses to Enterprises, but no doubt, I know startups are a good market to try and seek out
*Thread Reply:* Nice! Just sent it to my brother
*Thread Reply:* Red Mark Pictures might need one. They’re blowing up
*Thread Reply:* http://redmarkpictures.com
*Thread Reply:* I’ll check out his work. Looks very professional
*Thread Reply:* Welcome! Their attention to detail is over the top.
*Thread Reply:* That is a lucrative industry to be in. And takes on a whole new level to wedding photos, definitely way above and beyond, that’s awesome
*Thread Reply:* Right! They just booked their highest priced wedding to date. If anything else this gives him an option to offload AA work so they can focus on the product
*Thread Reply:* People pay insane amounts of money for weddings, makes sense to capture that market. Good for him
*Thread Reply:* Well we hope to hear from him, and hopefully he is looking for help!
*Thread Reply:* Gotta tell him to secure his site yo!
*Thread Reply:* What secure angle you speaking? TLS or something more?
*Thread Reply:* How’s the startup going for you?
*Thread Reply:* Yeah. I find TLS to be a tough pitch to people who are focused strictly on content
@macbentosh To answer your question, I’m not aware of how to wipe/lock after a device has been retired, doesn’t seem like it would be possible
We try to limit by roles and don’t allow end users to retire their devices via roles (even in the Admin Portal). This should be limited to admins in my opinion. So your concern is wiping Corp data/device if the device was retired and the person has it in their possession with potential Corp data still on it?
we had an issue with a user that HR requested the device retired to get her email off
after that she says she doesn’t have the phone and hr wanted it wiped
I like the ios devices that are in the signed out.
Hmm. If you put it in a Lost state, that blocks access too temporarily
@macbentosh is having the email profile/data removed mandatory, or just blocking to prevent any new items from being delivered to the phone?
ideal would be emulating a retire as much as possible with the ability to nuke.
Okay - Then a quarantine would be your best bet
Best bet would be to drop the device into a space with a security policy that will instantly quarantine it
Curious - Does anyone have a local EMM User Group that they attend meetings for?
There probably is one but I don’t attend any
Curious if a virtual or local “collective” would be of any value. We’ve got quite a few MI folks around the Kentucky/Indiana areas that might really enjoy a monthly meet-up
Perhaps a little of both. For us local folks, Beer/Wings/Conversation is usually preferred. However, from a national perspective I think a monthly session like my friend Eyvonne hosts might be awesome - http://thenetworkcollective.com
I’d be interested in the virtual option for now, considering I’m a little far away
Haha - I hear you! Louisville isn’t really centric to much either
It’s more like people who live in Indiana but work in Louisville. There may be some in Indianapolis/etc, but I don’t have any hard stats there
I think the tough part with a virtual meet-up is managing topics/threads and providing room for people to have their conversations without being overridden by chatter
I hear ya. I just assumed everyone here were located in different areas of the country, so Virtual would make more sense
Good morning gents, anyone have experience configuring WiFi profiles for AppleTv in Mobile Iron? I’ve created a new WiFi config and SCEP to use UDID but am not having luck, still stuck in a Pending state
Got a step further, got the new SCEP and WiFi config to Apply to the AppleTV, and confirmed they are there, yet the network isn’t displaying or auto-joining 🤔
Interesting. So it is WPA2 Enterprise w/ TLS?
Pushing the config+identity cert to AppleTV, but not auto-joining or authenticating? Do you see any logs in your AP for that MAC Address of the AppleTV?
I had to manually delete the MiFi profile I applied to it via Apple Configurator, rebooted, then auto-joined the hidden network I applied to it
Ah, so it had 2x profiles containing the same SSID
So essentially, if you set it to auto-join during Configurator, and you apply WiFi config via MDM after, it appears you have to manually delete the Configurator-applied profile first
So only one auto-join profile per ATV?
I had to configure a hotspot device to get it to register first, as we can’t apply profiles with certs until it is registered, but can register without an internet connection
At least that is true it seems for hidden networks
Can’t register** without an internet connection
Yeah - that’s the downside to Cert-Based WiFi
Gotta have some open network you can use as a “launch” platform
So, when I was at Kindred we were working to get our WiFi Captive Portal (Cisco ISE) to allow the user to enroll their device while being held captive
We almost had it working, except when the “captive” browser window closed to display the MDM Profile Install, the connection was severed
It may work similar for a DEP device, but I’m thinking they would need to tweak the Setup Wizard to not disconnect during the process
So the goal was to get Apple, Cisco, Aruba and others in a room to knock it out
Unfortunately, that hasn’t happened yet
Getting them to work together seems challenging. I was lucky enough to have an Apple Engineer hop on a WebEx recently I had with MI support, imagine that
Which is kind of screwed-up, since they are working together to bring the “best network experience available”
I was just referencing Austin Powers the other day
@macbentosh uploaded a file: so how do I make these messages stop?
What's that high port for? See if needed and see if IP table or something is blocking it.
mi was running very slow this AM…Rebooted and the system won’t come back up.
That mentions port 9999 as some type of Sync service but not exactly sure for what
9999 is kind of a legacy port, for back in the Android/GSM days or something
Has the actual MI App come back online? Can you SSH into the appliance?
Okay - If you can hop into SSH, get in there and do #configure terminal
it just needed to know i was talking to you…it’s up.
Okay - I was going to direct you to the MIFS log so you could tail -f and see what it was up to
Out of curiosity, what is everyone’s minimum iOS version set to for their Corp and BYOD programs?
Though, they encouraged 9.3+ for optimal experience
Ya we are currently set to 9.3.5 for all programs. Looking at upping it again
what’s the deal with a user getting 2 docs@work policies? will they merge?
It’s been awhile though. We used to do them by departments, regions, etc. So the user got their H:/G: whatever drive and then specific shares for their department
So you essentially take care of Home/Department mappings in a single policy. Of course, there will be exceptions…
Hey @tekwizmike! Slack fail in terms of notifying you had joined
Took your time accepting that invite, eh?
Any idea why {"default": "cmc/$USERID$"} isn't filling docs at work like it should
@macbentosh How does the formatting look for the entire string? Did you include all the site parameters, or just the auto-filled credentials?
All parameters - e.g {"https://sharepoint.miacme.com": {"domainType":"SharePoint","userName":"miacme/ $USERID$"},"default":"miacme.com/$USERID$"}
Auto-filled credentials: {"default":"miacme.com/$USERID$"}
Yup. In my testing ended up being domain\$userid$
@macbentosh Did you include all parameters?
From what I can see in the docs, it requires all vs just the auto-filled credential portion
it was odd if you read up a little higher it mentions trying the \
What’s the result on the device when the config pushes down? Entirely blank?
all once I added the \ as mentioned in the guide I was OK…It was something that I had to look for.
So separating employee and company devices. How is that done. Do I need to change all my labels?
@macbentosh Yeah, that’s a good place to start
Easiest way is to obtain a listing of all known Serial Numbers for company-owned, then run an Assemble script to set those not in the list to Employee-Owned
guide? I don’t want to mess with existing users
Communicate that their devices will have proper ownership flags set and that they may lose services that are not appropriate for BYOD devices
Find a carrot to hang out there, such as “removing unnecessary services” to prolong battery life on devices participating in the BYOD program
for a managed app config does the device need to be supervised?
Just MDM with the app being pushed in managed format. The Managed App Config will be pushed in advance, so it is present for use when the app is installed
how about pushing one to android…Only Android at work?
Potentially KNOX as well. Haven't investigated it lately
how do I extend the amount of logs that are kept in core?
Extend the timeframe they are retained or the level of detail @macbentosh?
Believe you'd want to raise a support ticket so they can modify the retention period
Yes @macbentosh. Very straightforward
Make sure you use “_” in the place of spaces (in the SCEP config) and make sure you assign the SCEP config to the label for AE Email+
The App Config can’t automatically link to the SCEP, like the native Exchange configs could
$CERT_ALIAS:certificate enrollment setting name$
I tried spaces and found it didn’t enjoy them
So then do i need to create a new email scep? Cause right now it is not assigned to a label
Is that Email SCEP in use by other configurations?
it is our kerb cert for everything but cathy didn’t have me put any label to it
Oh, gotcha. I’d create a new SCEP for AEEmailIdentity and bind it to the same CA
You can have multiple SCEPs tied to the same CA
I do a SCEP for each service, so SCEP for Email on iOS, SCEP for Email on AE, etc.
Cheat from your existing SCEP config
It’s not listed under Configurations?
Are you using a Microsoft NDES server to issue certificates?
I don’t know why you would need a URL then
If you’re using the local CA, then a URL isn’t necessary
and i created a new one that i will assign a label to
The new one will be bound to whatever label you are using to hand-out AE Email+
A simple handout of an identity certificate should be the least possible culprit to crash Core
@macbentosh uploaded a file: ScreenShot2017-08-10at85824_AM.png
Yes, but Docs@Work won’t need an identity certificate
You working on Device Owner mode (similar to DEP) or Work Profile mode (BYOD)?
Default will be Work Profile (Personal/Work personas), unless you enter the device into Device Owner mode at setup, which will essentially create just a single Work persona
we have about 80 docs that are going to enroll their phone to get epic apps
Okay, Work Profile mode is what you’d want
If the device isn’t entered into Device Owner mode at startup, it is considered to be a BYOD device, thus the dual personas.
You’ll notice the “work” persona based on the badging on apps that come down as part of it
so with that email cert scoped to it I get a no certificates found error.
Do your Certificate Logs show Core as having issued an identity certificate to that device?
Can you exclude that device from receiving the cert from the other SCEP config?
Create User Certificate Failed misystem 2017-08-10 08:57:46 AM PDT 2017-08-10 08:57:46 AM PDT BBergtholdC health.org SCEP Name: ‘AEEmailIdentity’, Consumer Name: ‘AEEmailIdentity’,
bummer everything looks good but not pulling email
Is the device showing Allowed in the ActiveSync listing?
Odd. You see any traffic for that device coming through your Sentry?
weird i cleared out old AS entries and looks good
Ah, Did you exceed 10 devices on the CAS side?
ActiveSync won’t allow >10 devices by default. You’ve got to clear some out to allow new devices to Sync
Guessing since there was no entry in ActiveSync, the device never got to CAS to be denied if there were 10+
So, it did start working. Yes? @macbentosh
I’ll take that as a yes, @macbentosh
Just use us and then disappear. Playa’
Is there a setting in the backup to say how long to keep them?
I feel like there is a default trim timeframe, but I honestly don’t know it off the top of my head.
But if they are configured to save to a NAS/CIFS network share of some sort, I don’t believe MI has the capability to automatically delete old backups from a share. Now as far as data exports to RDB, those can be configured to delete export data after a certain amount of time
that’s correct @thebjohn - You’ll need to schedule a task in Windows, etc to remove them automagically
@here show of hands, how many Core customers knew about http://www.byodportal.com prior to me mentioning it now?
*Thread Reply:* I totally did.. but not the hosted website version, just the onprem one 😄
*Thread Reply:* Nice! Any customizations @Jason Bayton?
*Thread Reply:* Current install is just sat there, but a previous version was heavily modified just to see how far I could take it.
*Thread Reply:* Nice! Was curious how many knew of it and/or were using it. I believe we need something similar to front-end MobileIron Cloud
however a ps call today say they are not really using it
“/Go” is alright for an environment with simplistic enrollment needs. It works where you’re open to any type of iOS version enrolling, or any iOS device for a Company-owned/BYOD device, etc. Doesn’t do much in terms of allowing only iOS 10.3.3 or Android 6.x, etc.
Labels based on installed apps
You familiar with the ideas portal?
how do you guys publish your managed app configs
distribute to all then when they install the app they get it?
@MobilXperts Admin does MI still look at the ideas portal? It seems to be pretty dead from MI involvement.
AFAIK they do. I'll check with the PM
Managed App Configs are tied to the label for the app distribution. It pushes down in advance to the device so it's present and ready when/if they install the managed app.
Eh. That's kind of unnecessary overhead
I don't apply anything to iOS. My OCD won't let me.
How’s everyone’s testing of iOS 11 going? Mobile@Work still seems to be crashing at launch for us
Pretty good, thus far. The M@W client crash has been resolved in the latest preview
Are you a part of the Preview Program @thebjohn?
I believe so, don’t recall. Do you know when the official release is scheduled for?
Shoot your advocate a request and they can add you to the program - https://mobileiron.centercode.com/enter/
IDK if a formal date has been set, but it’s obviously in the pipeline
Curious to hear how iOS 11 testing is going for everyone else @here
Company is a little scared of the new annotation for PDF capabilities and lack of controls on Files app.
Just a heads up to anyone that had an advocate through the MobileIron Advocate Program (other than Premium Plus Support). MobileIron terminated the program effective immediately without notice. We just found out yesterday. 😤
The advocacy program was developed in the early years of the company. Now that EMM is more prominent, I think customers are becoming more self-sufficient in terms of finding what they need via the Community Portal, Support and Slack teams
Not saying it needed to go entirely. However, the folks manning that service were essentially helping you help yourself, with the occasional reach-out to an internal resource if needed.
We used ours to help escalate issues and setup meetings with internal MI teams if more detailed discussions were needed. It's a shame that it was terminated, let alone without sending any notification to MI customers that utilized the program. Anyway.... Just venting.
We are just now looking into Kerberos period
I have set it up. but only in MI Cloud
all D@W setups have app configs associated with them (at least cloud) the AppTunnel rules map there and the D@W config for what CIF or sharepoint you try to set up
*Thread Reply:* OH! ha, im sorry i missed that was going back and forth on slack
*Thread Reply:* We used MI Tunnel I think
@macbentosh AppConfig as in MI AppConnect, iOS Managed App Config or Android Enterprise?
Oh, I gotcha. Vocera had docs and they were pulled.
So, what I would do is reach out to Vocera. Let them know if they wish to remain a popular vendor, you recommend publishing what they have to their support site and/or AppConfig.org.
@macbentosh any idea what’s up with Vocera and them yanking their KVP support docs?
Are you a current customer or just evaluating their stuff?
Any chance you opened a support ticket? Curious what they have to say about pulling their material
yea they want our des. support people to open the ticket…
Nice @macbentosh - They really should participate in AppConfig.org. That has huge potential
anyone ever renew an app provisioning profile?
@here - I’m on-site w/ a customer, but I’m sure someone wouldn’t mind speaking to it in the interim
Don’t have any experience renewing these myself
So we upped our minimum iOS version for all environments and programs to 10.3.3 today. Gave people 1 month to upgrade and forced it on our supervised devices. We have about 6,000 remaining people who will be kicking and screaming
It took us a year last time to set 9.3.5 as the minimum. This time, about 2 months.
This was to address a WiFi vulnerability fixed in 10.3.3
You can only hold hands for so long, eventually, you have to force people to update their shit
Yeah, apple said they weren't going to give us 9.3.6 to fix BroadPwn.
We are going to finally be upping Android to 5.1 next month lol
Oh, Lord! Do yourself a fav and just go 6.+
We have A LOT of BYOD Android users worldwide in countries that have devices that can’t get to that level
5.1 sell was to enable minimum support for Android Enterprise which we are looking to migrate to.
Not all of the 5.1 devices will be AFW capable so make sure you run reports on that.
You might be best splitting-off the AE folks into 6.0+ and consider the rest legacy
Oh really? According to Android Enterprise, 5.0 and later
6.x+ also ensures Device Owner Mode can be used for Company devices (Like DEP for Android)
According to the guy leading that project, 600 of our devices not capable. Not as bad as I thought
Our minimum currently is 4.1, so I’m Happy with at least the jump to 5.1
"android.afwcapable" = false AND "common.platformname" = "Android 5.1" AND "status" = "active"
If possible, try to consider <5.1 Legacy, though. The effort to potentially get them into AE might not be worth it
Give them the basics (potentially AppConnect/Email+/etc), but extend AE to only 6+
and (if you want to try) use that search @Jonathan Henson provided and target those
Problem here is they are too touchy feely and don’t want to put people out of compliance. You can only hold hands and be nice for so long
I’m shocked we got 10.3.3 to go this quick
That’s such a ginormous vulnerability though, especially since the vector of attack is via the WiFi NIC
Which is why we were able to push it quickly
Just a heads up @thebjohn , the LG v20 loses email after reboot when using AFW w/ Email+ due to an issue with the way LG implemented the keystore on the device. The user must set a screen lock for the work profile to work around the issue on that phone.
That's the only phone that we've had trouble with and it happened on the Verizon, T-Mobile, and AT&T variants.
Nice update on that front, @Jonathan Henson!
So if a screen lock policy was already in place, should be good to go?
Well, it’s a screen-lock on the new AE container. Which is separate from the device lock screen policy (AFAIK). @Jonathan Henson has been troubleshooting this since I was @ Kindred, so happy to see work towards a resolution
Checking to see how many of those are in our environment
How many LG v20s did you have in your environment @thebjohn?
According to my search, 0
LG v20 (LG-H910 - AT&T) Android v7.0
LG v20 (LG-H918 - T-Mobile) Android v7.0
LG v20 (LG-LS997 - Sprint) Android v7.0
Oh man good shout! I don't know any customers running LG atm but I'll put out a ping to my guys to keep an eye out.
Yeah @Jason Bayton, that one was #Frustrating with a capital F.
My buddy was on the PoC for that and loved Email+/Docs@Work in AE… then the ‘Couldn’t Connect to Server’ messages started appearing
As an aside, I missed all of this conversation as I'd only been paying attention to the android channels 😛
LoLz. This slack team is going to blow up soon. Gonna drop a front-end so ppl can self-register and start sharing the Mobile goodness. #NotificationsForDays
Before you do, is it too much to ask you rename the AFW channel to android_enterprise? 😛
Anyone running into any issues with iOS 11 Beta testing? Beta 8 was dropped Monday, I have to imagine it will be the final before official release
Nothing yet - Admittedly, I need to install Beta 8
Silent APNS issue is the big one I know of now. And SHA1 trust if anyone is still utilizing them
What specifically do you have around the Silent APNS? Notifications not being received from published apps?
@thebjohn uploaded a file: Image uploaded from iOS
Ah, interesting. I hadn’t come across that one. Time for some light reading…
Different article but this one mentions the silent APNS issue as well.
Ah, okay. Guessing that’s a last-minute tweak they’re going to implement
Doesn’t make any security sense as to why they would have removed it, unless they’re really looking to anger developers. I suppose energy savings, but not really enough to justify removal
Curious - Anyone deploying devices to China now that the iOS VPN restrictions and Google Play stores have been blocked?
We do but I honestly do not know what issues we are seeing in China other than knowing app stores are blocked
We actually just had to hire someone physically in China in order to deploy our apps to their public app stores because of the stupid great firewall of China
I’ll have to look and see how many iOS devices we have deployed in China, my guess is not a large number
Didn't realize about the iOS VPN restrictions. When did that go into effect?
We gave up on Android well over a year ago in China.
We have about 600ish Android devices in China, but aye BYOD only. App deployments there are a giant pain
@thebjohn how are you getting around the Google Play Services? Are you having someone host the MobileIron apk and side loading for registration? Do you have on-prem MI servers hosted in China?
We are hosting them on web servers in China. Essentially, it’s a site in which people download the apk, essentially side loading
@onires53 Looks like the iOS VPN App removal was back on July 29th, 2017 - http://money.cnn.com/2017/07/29/technology/china-apple-app-store-vpn-express/index.html
@thebjohn @onires53 you could have the users in China access the APKs direct from the MI CDNs (provided access is available) - https://support.mobileiron.com/cloud-android/current/MobileIron-Go-latest.apk | https://support.mobileiron.com/MIClient-latest.apk
So, Mobile@Work 9.6 dropped for iOS to address the crashing issue in iOS 11. Bad news, doesn’t seem to have fixed the issue on my iPad Pro
Any chance you've done a complete uninstall and reinstall, rather than an update? Shouldn't make a difference normally but maybe the update didn't overwrite something.
Well if that happens to work, we can’t have 20k users re-register 🙁. I haven’t tried that yet, I will now
Re-registering shouldn't be necessary unless you've explicitly enabled some compliance actions on your install to enterprise wipe. Core can manage without the agent on iOS, just not as well.
I need to test M@W - Have been working with the Cloud/Go side of the house and it has been fairly stable across the betas
Any idea how Cloud connects to on-prem SCEP to deliver certs?
Provided you’re speaking about MobileIron Cloud, not Connected Cloud (Core)
Is the CA accessible from the on-premise Connector VM?
So, if you’ve got the Cloud Connector sitting on-premise (inside your network), can it communicate with the server running the Microsoft CA?
We don’t have cloud connector currently, we are all on-prem
Gathering data for dependencies to see if Cloud is an option for us
So future would be Cloud, Azure AD and what would allow us to sync to CA on-prem
Connector is what would allow you to SCEP certs to Mobile Devices from an on-premise CA
Well, you could publish your NDES server to the internet
Yeah, they’re one of our examples of ability to “scale” LoL
Infrastructure upgrades, do you guys let companies have a cloud QA to test and give thumbs up, or just do it and say best of luck?
Infrastructure in terms of your on-prem appliances or the common cloud code base?
Common cloud. I know Sentries still on-prem so we would manage
I can check on that. We have multiple clusters, so they go sequentially. I’d guess we have a “QA” cluster that is used to test, obtain feedback, etc.
Yes, we do offer a Sandbox for customers who opt for it. It does incur an additional cost, but is included with the Premium Support Bundle if you have it.
Web@Work for iOS 11 crashing on latest version, update in the works?
I see v2.1 in Product Bulletins but don’t see an update
@thebjohn are you participating in the Preview Program?
If you can get added, there are TestFlight invites to test the latest W@W, D@W, etc.
Web@Work 2.1.0 (17.46) for iOS was released on TestFlight 3 days ago
We are not actually. Can you confirm this version resolves that issue?
Ha, the usual release note description
Want me to drop a Preview Program request for you @thebjohn?
Is this something I should do through my account rep to be safe or no?
I can submit it internally to an Advocate if you like
I know he has added us to Core Previews, but we don’t have an environment to install GMRC releases
Okay - It’s just the Q3 2017 Preview Program
That’ll entitle you to all the goodies, including TestFlight invitation requests
Excellent, thanks man, I really appreciate the help
Welcome! You want to shoot him the msg or would you like me to?
Okay - Righteous. Cut out the middle man. LoL
Does this follow-up with what you were speaking to a couple weeks back, @macbentosh?
What does the vendor themselves have to say?
@macbentosh Apache Struts? We have a fair amount of Tomcat, but I don't know of any Apache.
Turns out the red hat is not affected in any way. Our is sec freaked out because they don't know how to read CVEs and do the research appropriately.
Morning Everyone - Here’s hoping you’re all staying dry and having a semi-productive Monday
On this glorious Apple Event-eve
Tomorrow should be a fairly loaded one, that’s for sure
Apparently I have avoided the interwebs enough to not know of the leak
It leaked that iPhone 8 has a Keurig DRM built-in so you cannot use other coffee ordering apps.
So we’ve got to build this team up. Anyone opposed to more members? I’m gonna work to get the “invite yourself” front door up and running this week.
Thoughts on a name? I liked mXe but it’s not really SEO friendly
K - That’s what drove me to go with that placeholder for now
I like MobileExperts, provided only experts see themselves in haha
so thinking forward, if we were to do some sort of yearly conference, etc we’d want it to have something with a fun ring to it
I’ve been recruited via LinkedIn for similar things, so that may be a good way to reach out too
Oh, definitely. That’s my thought
So if we were to “brand” this Slack, it’d be something like that. Most recent example I have is the old BriForum group. It started as a forum and launched into a community and then a yearly event, etc
MobileXperts @macbentosh @thebjohn?
So it keeps the Mobile and Experts, just stands out off the page with the capital X instead of E
Or does it brand us administrators of Mobile Pr0n?
Keep the E at the end of MobileXperts or MobilXperts?
It keeps playing tricks on me. I feel like we should be Mobile1 Oil Admins
Okay - Going with MobilXperts. Can always change it later if we like
Eh, crud. That looks odd when Slack forces it into lower-case
@ericwoodland uploaded a file: Pasted image at 2017-09-11, 12:12 PM
Eh, okay. MobileExperts isn’t available, so @thebjohn’s preference wins! haha
…and we’re public! https://mobilxperts.herokuapp.com
Anyone care to invite a colleague to join? @here
@Eric Woodland has joined the channel
Mr. @Eric Deason! Long time, no speak. How’d the registration go?
It was ok, I used the wrong username, so now I get to juggle two accounts. Otherwise, pretty good. How have you been?
Well, each user account is unique to the Slack Team you’re on
So for MobilXperts, you’ll be known as @Eric Deason, whereas with other teams you may be another alias
maybe that was why it prompted me to create an account instead of pulling my current
Right. IDK if you can use a single credential amongst several teams
I’ve often thought that would be nice, but haven’t come across a way to do it yet
*Thread Reply:* Actually, let’s try that here @jaimin.s
*Thread Reply:* How’s iOS 11 Testing on Blackberry Dynamics?
Our code of conduct is up! Well, v1 of it anyways: https://github.com/MobilXperts/codeofconduct/
Apple drinking game. Take a shot every time the crowd cheers, longest to survive wins
I missed the live feed, but just reviewed the MacRumors tweet feed. Should be a booming holiday season for Apple
I’m really curious to see how they reshape their approach to MDM in iOS 11
Hardware is nice, but I’m quickly becoming a fan of the approach Android took with their Enterprise offering.
Here's an interesting takeaway @Woody from our last meeting with Apple. This is word for word what was on their slide.
Some restrictions requiring Supervision in 2018: App installation, App removal, FaceTime, Safari, iTunes, Explicit content, Multiplayer gaming, Add GameCenter friends, iCloud Documents & Data
I assume this will come in a minor release of iOS 11.x
It’s not so much the “controls”, it’s the approach as a whole @Jonathan Henson
they need to transition to where the MDM portion of the device is housed under a separate user. I don’t want to convert my personal instance of Microsoft Word to Company-Managed, I want my Company to use the same binary and store their Documents/Settings under the Company User (Like Android Enterprise)
I'm also growing tired of 55+ year old guys on stage selling me new tech. No offense Tim and Phil, but your luster is wearing off.
They’re probably just up there to appease the 55+ old stock holders
What about the outfit of the guy introducing Apple TV 4K. lol.
Eddy Cue? Yeah, kind of meh. I don’t expect you to come out all prim and proper, but I mean shit
I have all the confidence in the world with the senior management team - I don’t need a 20-something on stage telling me new cool tech is new cool tech.
Keynote could have been less long winded if they went with the 1995 Sony E3 type presentation.
Well I'm about ready to dump Android and join team iOS.
That FaceID demo was the final prod I needed. Yup.
@Jason Bayton I’m excited to see continued innovation and competition from both sides. I’m still more a fan of iOS, because of its integration with the ecosystem. However, I’d really like to see what Google does to join Android and Chromebook long-term.
Do I detect a hint of sarcasm regarding the FaceID demo/hiccup? 🙂
How Apple is bringing us into the age of facial recognition whether we’re ready or not - The Washington Post https://apple.news/AzqyjeptKQSmyQukTZgFw8g
So you can't beat facial recognition with photos but what if I make a clay model and heat it in a microwave for the IR
@jaimin.s has been hitting the ☕ a little hard this AM
So I’m part of the AppleSeed Beta on my corporate devices and Public Beta on my personal device. I noticed today that the official iOS 11 release was available on my public beta device, even though it was announced for September 19... am I an idiot, or is anyone seeing the same?
Apache Struts statement: https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
https://instagram.com/p/BY-_XpgBCTr/
@Simon Hardy-Bistagne has joined the channel
We’re still working on the “Hello, Welcome and here’s how this works” bit of the Team, but we’ll get there 🙂
Just a photo of Chunk from Goonies shouting "Hey you guys!" Would suffice I'm sure!
Nice reference @Simon Hardy-Bistagne! I think we can make that happen, haha
If you’re looking to join other channels, here’s where you can search:
@Woody uploaded a file: Type the Channel You're Looking For
Hoping to see some Microsoft EMS and BlackBerry love too :)
Think we should do a Channel for known open positions as well?
@Woody I'm hiring for folks in Milan and Madrid if anyone wants to work for me in a sunny city!? If not, I've a few roles in other teams in the UK...
I wouldn’t mind relocating to Madrid one day, was there a few years ago, loved it
*Thread Reply:* It's a lovely city for sure!
@thebjohn some NYC roles too working more in a sales type role though... not my area.
Just created the group #jobhunters for a better place to convo
Created 2 new Channels. #blackberry and #goodberry - @jaimin.s is sure to be a SME over there
*Thread Reply:* Any questions on BES 4.x under domino I'm all over it ;)
So how big can this group get? Not a big slack user... no idea what the upper limits are?!
No limits, really. MacAdmins has like 2500 daily users
Nothing beats having 4 different teams inside one app
Or, I should say Good Morning based on your local time zone haha
@Brandon Adams has joined the channel
Whereabouts are you joining us from in what looks to be the EST?
Hey everyone. I live in Colorado but am based out of Indianapolis for work.
*Thread Reply:* That’s great! Are you working remote for a company out of Indianapolis? What device platforms and management suite do you deal with primarily?
*Thread Reply:* Yep. I work for Computacenter US. The contract I'm currently on is for Rolls-Royce Aerospace North America. Currently, we're wrapping up migration from Good to BB UEM on iOS devices.
*Thread Reply:* Nice! That sounds like a good sized engagement. How’s the migration going?
*Thread Reply:* ~3,000 devices and we're at close to 2,000 migrated in 4 weeks. Most folks are pretty excited about the new product. The UEM console is a revamp of BES 5.5, but it's pretty nice.
Hello @Ash Armitt - You caught me up late. Welcome to the Team!
Curious, what platform are you presently administering?
Not administering anything, rather, Architecting Mobility Solutions end to end for the Banking, Financial and Government sectors 🙂
@Darryl Miles has joined the channel
Hi All, @TS you're missing EM&S from Microsoft in your poll.
*Thread Reply:* It’s been updated! @Herman @Darryl Miles
So admins…. Do we have any quick ground rules for the Slack platform?? eg, no sales talk if you work for a vendor, or no trash talk of competitors unless it’s factual??
Also.. looking at the stats… I think the limits of the free slack version are going to be hit by the end of the week!!
Working in the EMM/MDM domain since 2007 when I started working for Blackberry
Now currently contracting to manage a BlackBerry/Good infrastructure and currently working on a project involving O365 & Airwatch for an investment bank in Paris
*Thread Reply:* Hello @Damian - It’s great to have you. 2007 was a great year to get started! Blackberry was hot back in those days. It sounds like that introduction a decade ago has served you well!
*Thread Reply:* Hello @Woody It sure has...BlackBerry are back on track though - in the Gartner leader segment with the Good acquisition. I've seen some serious market penetration by Airwatch here in France though!
I don’t mind trash talk if the facts are there. I use these chats more so to discuss current and upcoming technologies, and any current issues being addressed across the members’ organizations and what they are doing to remediate them. It is kind of cool to see the variations of implementations, and differences in challenges that everyone faces.
I myself am a Mobility Engineer for Ford Motor Company in Dearborn/Allen Park, Michigan. We architect and manage our mobile solutions, leveraging MobileIron on-prem infrastructure. We currently manage approximately 35k devices across 2 environments
@Simon Hardy-Bistagne Terms and Conditions are lightly built, but nothing is yet set in stone in regards to vendors. We can (and will) add a sub-section to the CoC for Vendors.
As with @thebjohn, I don’t mind a spirited conversation, provided factual information is provided to back up the statement. However, if it becomes a case of who can yell louder, I would propose a strike will be tallied against the offending parties. Perhaps a 3 Strikes and Out rule? I believe we’re a fairly civilized team, but as this grows it may be necessary to have that rule in place.
“user.userid” = “user” OR “user.userid” = “user” OR “user.user_id” = “user” OR “ios.ProductName” starts with “iPad”
why is that not showing me only those users ipad devices?
Should just need to be “common.model” starts with “iPad”
Re-creating the platform poll. Apparently it doesn’t enjoy me adding/tweaking options after it’s been put into action
/poll What MDM/EMM/UEM Platform are you using? “MobileIron” “AirWatch” “InTune” “Blackberry” “Good” “Citrix” “Microsoft” “MaaS360” “Multiple” “Other”
Hmm...a lot of orgs use Intune but add an EMM on top for obvious reasons, for example Airwatch in our case. Unfortunately we need to keep Intune for access to their APIs for DLP but otherwise all the conditional access etc is done via VIDM
I've never heard of many enterprises that rely solely on Intune ;)
You might want to morph good into blackberry considering they were eaten up by them
Microsoft has been trying to strong arm us into InTune for some time. They initially want to “throw it in” as part of O365 and other technologies.
*Thread Reply:* Intune is fine, just not great at large estates or complex requirements. The full EMS suite enabling DLP and managing the office apps including outlook is the real strength. It's really all about what you want the device experience to be and what you're looking to do with it.
Price wise you can't go wrong, but it's the capability you need to be careful with.
We internally are moving to EMS from airwatch because the main use case for mobile devices is email and content consumption. And by using outlook and office apps that's the bulk of users happy.
Airwatch is being kept purely for those users who have more complex app requirements.
MAM was overly complex and even MS support hadn't a clue
Browsing never really worked for us via their VPN managed browser solution
I could write a book on our experiences on it ;)
At the end of the day, if you want to securely manage the native office suite you have no choice but to use Intune : http://www.brianmadden.com/opinion/What-does-the-Microsoft-Graph-API-for-Intune-mean-for-the-rest-of-the-EMM-market
I really appreciate that info. I will definitely pass it along to my team, as management around the company keeps bringing up InTune due to the “cost savings” it would give us.
@Damian @thebjohn the GraphAPI is now public, so you should see EMMs tapping into it very soon 😁
*Thread Reply:* Would you mind taking a moment to introduce yourself @Jesus Latorre? What‘s new with you in the world of mobility?
*Thread Reply:* Sure absolutely! Hi all, name is Jesus. My EMM provider is IBM MaaS360, so if anyone has questions on that I'll try my best to answer as much as I can!
*Thread Reply:* Nice! It’s great to have someone with MaaS360 in the house. Are you EST?
Would you like to take a moment and introduce yourself @Alan Del Giudice? What kind of fun are you presently having in the world of mobility?
For me the newest thing in mobility is iOS11 and UEM really. Looking to support different OS and ruggedized devices like Zebra. Am using IBM MaaS360
@thebjohn @Woody @Damian... I did a POC with Intune for our enterprise. It's not an EMM by any stretch of the imagination. I can't see why anyone would only use that product without also using a true EMM platform alongside it. However we got the same push from our Execs. We have been waiting on the Graph API. Didn't realize it finally went public!
Yeah, @onires53 I know it was mentioned several times on stage at the MobileIron mLive conference this year. I’m curious to see which MDMs tap in and allow control of those DLP controls from one single pane of glass.
We are already doing it with Airwatch for the DLP
Yeah, @Damian that’s where I suspect the major players are at, since it was just opened-up 2-3 months ago. How’s it going from an AirWatch beta perspective?
All good on our end. No major issues except some issues on MS side with data leak on excel and ability to switch from professional mail to personal mail in Outlook and send pro mail...
👋 I found this channel on @thebjohn ‘s LinkedIn. I’m Julien, leading the team at http://www.appaloosa-store.com. We’re a French startup with a SaaS-only MAM offer (iOS + Android sideloading + Work Profile). I’m not here to advertise anything but curious about real-life mobility painpoints or wins. We are also heavy users of slack and rarely see slack teams talking about EMM. I’ll hunker down in #v_appaloosa if you want to chat!
*Thread Reply:* Welcome @julien! It’s great to have you. Like the idea of vendor-specific channels.
*Thread Reply:* Think we should prefix vendor channels with a v? e.g vappaloosa
*Thread Reply:* Hey @Woody, makes total sense. But this ruins my plans of masquerading as an expert on my own product 🙂 I’m renaming the channel.
*Thread Reply:* LoL! I’m all ears though, since this is the first public Slack team I’ve administered.
*Thread Reply:* Marseille here @julien will be interesting to see your USP.
I'm working in Paris - welcome
Hello Guys,
I am Alan, work in MMS Brazil team, I support MaaS360, Mobileiron, Good Technology, Traveler, Blackberry, Airwatch, Intune, Afaria , Windows 10, and Office365 and collaboration stuff
Hello @Alan Del Giudice - Wow, that’s a lot of feathers in your cap!
I know hehe, but it's nice, it's an opportunity to know many things.
@Alan Del Giudice Of all those you’ve worked with, do you tend to side with one above all the rest?
Having that portfolio definitely helps in the job market.
I’m curious, who’s using a CASB to provide conditional access to Cloud-Based services? If yes, is it integrated with your EMM to assess device enrollment, posture, etc?
In MaaS360, we have a service called Cloud Identity, which allows for conditional SSO into cloud services, such as Office apps, Salesforce, Gmail, etc.
*Thread Reply:* Nice! I'll have to take a look. Are you using it? Is it essentially a SAML Proxy?
Thanks for joining! Is this your first time using Slack?
@Dennis Villaroman has joined the channel
Hello all, I'm Duncan from The Netherlands. The what? :flag_nl: https://youtu.be/ELD2AwFN9Nc?t=35s I am working for an international beer brewer that is headquartered in Amsterdam. We are currently mainly using MobileIron but also exploring Microsoft.
God damn it... that's 2 screens I've cracked on my S8 now...!
Naked both times... I take it out of its case at home... this last time it was in my back pocket while I was playing with my daughter on the floor... ground the corner on the floor and it chipped it out... never broken a phone screen before...
Bloody infinity display!
You'll be needing insurance on it before long (if not already)!
Already used it to replace the 1st one... worth every penny!
Hello Aaron 🙃 I did notice some familiar names indeed. I just joined today so I am reading what people are working on. Is GroundCTL a topic in here also?
*Thread Reply:* Good idea, @Duncan. Hey @MobilXperts Admin would it be appropriate to create a #groundcontrol channel here? I understand the focus isn’t on vendors (certainly not sales), but there are some niche problems that we can solve.
*Thread Reply:* (Although @Duncan mostly I’m here to learn and to help when I can. My site enterpriseios.com is pretty neutral.)
*Thread Reply:* Yes, absolutely @aaron. It’ll be v_groundcontrol (v for Vendor)
*Thread Reply:* Welcome, @aaron! I for one need a deep dive into the product so I’ll keep an eye on that channel 🙂
Hehe. I don’t think it will affect overall functionality. It’s just saying after 10k messages we can’t search through the history
Anyone run into issues when unlabeling a VPN (tunnel) config from devices, and it not getting removed?
Configuration stays present on device even after check in
Haven't seen that as yet - version of iOS this affects?
All at 10.3.3 since we bumped our minimum version
We had to pull the config as it conflicted with a full device VPN our execs insist on still using, and it’s caused more issues, especially now since we unlabeled, yet the vpn config remains
I ended up putting in a ticket with MobileIron. Unlabeling 2 different configs has not pulled them from the devices, only a few, very concerning, considering the VPN issue and it being on our executive devices.
Hey Everyone, is there any Intune lover out there? :-)
Hi @theNyG - Unfortunately, I don’t have much experience with Intune. I hear it managed Microsoft App DLP nicely until they released the Graph API for others to leverage.
Welcome, @Ankur! Sorry, meant to send a shout-out and forgot 😬
Been out for 32 minutes, let’s see what blows up other than what we know already
How pegged are the servers for that download? When iOS 10 dropped, seemed like it took me a couple days to pull it down.
Took 20 minutes for my download on one of my devices, just finished
No major issues. It's jumped from 4% battery to 0 and turned off on me once, but otherwise it just looks a bit different. Anyone think the new heading text is all a bit thick now? Weird.
#CachingServers are key if you’ve got ‘em, at least for upgrades inside your network.
Has anyone attempted to add an iDevice into DEP via Configurator 2.5 yet? Legit excited for this
I have not. I am going to try for an Apple TV we have, as the process we did have for manually applying the MDM config via Configurator will also no longer work with the Apple TV 4K, USB-C went bye bye
Is there an official Apple document on this process? @Jason Bayton
Just got Configurator 2.5 on my Mac, so both Manual Enrollment and Automated Enrollment show DEP. my assumption is if selecting automated, the device serial number was already added to the DEP portal by an admin, versus manual Enrollment when you select to register in DEP, then specify the DEP server?
As like @thebjohn, I have not @Jason Bayton. Looking forward to seeing it in action, though!
And Apple is really annoying me with announcing Amazon Prime Video for Apple TV months ago for sometime this year, expected with TvOS 11, but still no dice, what the shit!
@thebjohn yes — you use “manual” for the option to “Add to DEP.” I recommend NOT checking “Activate and complete enrollment” because it’s a bit confusing from there. Turns out that while Configurator does technically add devices to DEP, it does NOT assign them to an MDM server, in the DEP portal. Until you do that, the device is an unassigned DEP device, meaning it behaves as a non-DEP device.
Ah, interesting @aaron. Wish they’d add something to the UX that calls the DEP portal and allows assignment to a server in that same area
How about an API for assignment. That’s what we’d like.
Curious: Anyone using Azure AD/Microsoft EM&S conditional access? If yes, can it be engaged selectively by O365 Mail Domains, etc?
e.g if I had an existing CASB/SAML conditional access solution in play, would/could the two conflict?
I've got a customer asking me how their in-house IPA should be signed for deployment with Core. IIRC it doesn't significantly matter as they won't get a "trust this developer" if Core pushes the IPA down. Not a developer though.. thoughts?
Has anyone attempted deployment of BB UEM alongside MobileIron? Have a User who supports multiple business units and has multiple email accounts. I’m thinking one has the MDM and the other only has an iOS config, but wanted to run it by the group
@Jason Bayton not sure what “signed for deployment with core” means. It should be signed for in-house distribution. But you are correct, if pushed by MDM phones won’t be prompted for trust.
Harks back to me not being a developer, so not using the proper terminology. The app needs to be signed, in a way that won't cause errors when they deploy it via Core is all I mean. But cool, thank you for clarifying!
Anyone able to confirm if the DEP hold option in Core includes the fix for back when if a device dropped LTE connection even for a second, it would fail and not retry automatically?
@Markus Speicher has joined the channel
Anyone still seeing issues with latest Mobile Iron suite of apps crashing in iOS11?
@thebjohn actually not really. Did you see the doc outlining minimum MI app versions required with iOS11 in the community?
I have. The strange thing is, the guy having this issue is on the latest releases, seems to be a one off, as we have a lot on iOS11, including ourselves, and haven’t seen any other reported issues yet
So iOS 11.0.1 was dropped, and of course, release notes are “Includes minor bug fixes”, appreciate the detail Apple
I assumed this is what it would be, but official release notes aren’t asking much, maybe that’s just me
looking for some insight on how to handle VPP accounts for a Global Company with a footprint in multiple countries. I've run into an issue with an App that is only available in Canada but the VPP account is based in the US.
*Thread Reply:* @egantner got clarification on this. @thomrburg rocks! 🤘
with this setup I cannot purchase the app for use through the VPP account that I have.
@thomrburg - Is it still necessary to create VPP for each country that a company has presence in?
I’m not 100% on that. As a global company, we utilize a single VPP account for deployment of our apps to customers registered globally. I do not know of an app we publish that would only be available in a specific country (such as Canada) and not be able to utilize VPP.
What is the app or bundle id if I might ask?
https://itunes.apple.com/ca/app/beer-store/id891836768?mt=8
Lucky you getting to work with beer for a living
ok then next question, what’s the best way to set up a new account properly.
is that part of the setup process for the account when it’s created
@egantner from my days at Marsh & McLennan, we had someone in each region create the VPP account (because we couldn’t impersonate our location, coming from an address in the US)
I’d defer to @thomrburg for clarification, as it’s been a couple years. Based on what we’ve covered thus far, it appears that may still be the case.
did this hold true even if the domain on the email was the same. it had to do with the IP where the account was created?
We just made a VPPCanada@domain.com, VPPUS@domain.com, etc
Domains are inherently global, it wouldn't make sense to prevent you having more than one vpp per domain!
You know... back to the VPP stores/accounts in different regions
It is interesting that Core/Cloud will allow you to import from the stores in the different countries. Of course, for the accompanying VPP license to be applied, I suppose you'd still have to have a legit account to supply them for that country.
@Woody Long and the short of it these days, if a common asset is available across multiple VPP stores, you can purchase and deploy from any VPP Account that has access to that asset. There should either be a KB posted somewhere that makes mention of this or it’s in a Deployment Guide. I’ll have to do some digging.
*Thread Reply:* @thomrburg were you able to locate anything more on this? Still curious if multiple VPP accounts must be created for each country or if a single VPP account could be granted access to assets in multiple countries.
*Thread Reply:* @Woody From https://images.apple.com/business/docs/VPP_Business_Guide.pdf :
*Thread Reply:* Multinational support: VPP apps can be assigned to devices or users in any country where the app is available, enabling multinational distribution for enterprises. Developers can make their apps available in multiple countries through the standard App Store publishing process in iTunes Connect. Purchases still need to be made in a country where the VPP store is available.
*Thread Reply:* Right. But that’s somewhat misleading.
*Thread Reply:* The app would be published, allowing multi-national distribution. A central VPP account (singular) would be established. Then a representative in said country would need to log-in to that account and make the “purchase”?
*Thread Reply:* For your example, if an app has multinational support, and it’s available in the same country as that organization’s singular VPP Account, then it only has to be purchased and deployed once.
*Thread Reply:* Ah, that’s even simpler. Time to test. Thank you, sir!
*Thread Reply:* 👍 Let me know how it goes!
*Thread Reply:* Absolutely. Have a great evening!
Does anyone have any examples of security breaches that were either stopped, or would have been stopped through enhanced mobile security?
@Martin Cygan uploaded a file: What about this?
Please be aware, Slides are owned by Zimperium.
@thebjohn does the blocking of GCM happen to block check-ins for your devices in China?
I am not 100% on that, I don’t believe so though, as we have a fair amount of devices in China
GCM shouldn't block check-ins, just makes management a bit more of a ballache.
GCM would only really block real-time actions from reaching the devices. Eventually, the devices will get the action, but just won't happen as fast as a GCM enabled device
That’s kind of what I was thinking as well, @Jason Bayton/@Jesus Latorre . Would be curious to hear what folks inside China are saying, @thebjohn
Really wish I could move messages/threads to channels after they’re created. e.g the one above about GCM/Android
Now you're already unhappy you can't move posts . . Sure you want to make it more complex? :P
*Thread Reply:* Training my brain and setting examples to: A) Use Channels B) Use Threads
*Thread Reply:* Should've just used discourse :p
*Thread Reply:* Good evening, @Simon Hardy-Bistagne!
@Simon Hardy-Bistagne uploaded a file: The Evolution of Mobility Landscape.jpg
Thanks! Aaron Freimark mentioned this group, so I joined :)
*Thread Reply:* Anyone @aaron refers is a friend of ours!
*Thread Reply:* Digging your website. The iPhoneLess write-up was interesting.
*Thread Reply:* Yeah, the article was a bit of a nice surprise.
*Thread Reply:* Thanks Mr. Woodsy and Aaron. It’s pretty long winded, but it’s justified when trying to do something almost no one does. I wanted to be as thorough as possible so if anyone else had thought about it, they could learn from my experience.
Would anyone have found benefit in arriving at this team via a proper URL, such as mobilxperts.com? Or do you feel that we could use a formal site as the point of entry, etc?
@Woody I have no preference, whichever you feel is best for recruiting new peeps
@Jason Bayton - nice to see you on here. I've been enjoying your Linkedin Posts and entries to your blog.
Hey @Kiran Patel thanks 😎 I have a lot of fun with it, glad you're enjoying it too 🙂
For those who newly joined, what type of EMM platform(s) and devices are you predominantly working with these days?
@Travis Beech has joined the channel
Also, a warm welcome to @marioarios. It’s nice to have you
Hello everyone. Seems this Slack community is getting more and more popular ;-) Should we advertise it more, or is this invite only?
@Woody AirWatch (on-prem); iOS, Android and looking into Win10/macOS/Chrome OS. Been using AW for 5 years now.
Hello everybody! My name is Danijel and I've been working in the EMM space for over 13 years now. Happy to be part of this community!
Thanks Martin for your invite! @All, Martin and I have been friends for over ten years 😉
@jafullersr Thoughts and opinions on AW? We are looking at their MAM only solution now as a POC
Hi all, this is Bastian. Started in IT security back in 2008 and have always been in the area of endpoint and mobility technologies since then. Thanks for the invite @Martin Cygan
@thebjohn I’ve found them to have a solid solution. Are you planning to deploy internal apps via MAM? And are you ready to implement another IdP?
@jafullersr Still being discussed. We would need to implement their Identity Manager Solution with Enterprise Connector for integration with LDAP and ADFS. I am unsure as to international apps and deployment, but I would assume. Both internal and the external, so VPP May come into play, which I know gets tricky with apps specific to countries
@Herbert Lohninger has joined the channel
Thanks @Martin Cygan for your invite!
@thebjohn I was focused on internal via MAM. International public apps are less of an issue now with iOS opening up DEP/VPP to multiple markets and allow devices to be managed for those markets in one DEP/VPP account. Internal apps created and compiled with an enterprise developer certificate will still show as “untrusted” until the user goes into settings to trust the developer certificate. Not the best security approach. It peels back from MDM as the device is managed, the MDM is trusted and thus the internal app provided from the MDM is trusted. MAM really does need to just be MDM “light” when it comes to internal app distribution.
Our biggest complaint and need for MAM is that end users do not want any agent or MDM control on their device. But with AirWatch, still requires Workspace One App, but will pitch it as essentially the app catalog interface
On MAM I'm personally interested in checking out @julien's Appaloosa. Not suggesting it's the right choice for anyone here but it's piqued my interest no less.
@thebjohn What about having an empty MDM-Profile? Would this work better for customers? Would mean, no control over device, just a retire possible and deployment of Apps.
@Martin Cygan the issue with this approach that I have heard is there is still an MDM profile. You can always change those configs from your admin console and as a result impact BYOD devices
Console changes will only impact new enrollments. Existing enrollments would not be impacted.
The MDM profile has the existing settings at the point of enrollment. Change on the console can not change those settings in the MDM profile already on a device. It’s just like any other profile you publish. If you change it on the console, it must be updated on the device through a push. Thus, the MDM profile is not updated without a new enrollment/re-enrollment.
@jafullersr so are you saying that configurations for a MDM cannot be updated with regular policy updates / MDM check in?
The fact that an MDM agent exists on a device at all, whether it is managing any policies or not is the issue
@Kiran Patel Yes, at least as far as it goes with AirWatch. I also believe this is in the MDM Protocols for Apple, but would need to confirm.
Essentially, agentless MAM app install is what we are pursuing
@thebjohn Manage the content and identity for the apps/web sites then. Don’t worry about the device. In my opinion, agentless MAM isn’t there yet.
Even App Wrapping to try to manage the app only is actually against the Apple EULA if you don’t own the app itself.
Google is headed that way. I haven’t checked for Android N or O.
I don’t believe we could leverage app wrapping since an agent for auth wouldn’t exist. Simply enterprises signed internal apps or public apps
What if you enrolled with an agent, but that agent could only enterprise wipe, not full device wipe? Would that matter to you?
Nope, won’t fly, they don’t want any type of agent enrollment period
Thanks @Jason Bayton for the tip. @jafullersr I agree with you on the MDM light thing. We’re currently developing Android for Work...for iOS. Only managing apps, not devices. And boy, no full wipe.
We tried, but the requirements are strict on this one
@thebjohn Is it iOS only? What’s driving that requirement?
The requirement is mostly driven by our vision that the employer should have limited rights over a device
iOS and Android. Based around employees, joint ventures, agency employees, retirees, etc that can’t be managed
Balance between corporate control and employee privacy. It’s a tricky one but that’s the point. UX as well for adoption
What services are they expected to consume? Are they using identities that you manage?
@julien Wait, you are deploying an Android for Work type Solution for iOS?
We have afw for Android and doing it for iOS...or at least try to do the same thing: strict split between corporate/pro on the same device.
We are looking at migrating to AFW for our Android BYOD users
Just seems so much better, especially with the Tunnel capabilities
What do you do now @thebjohn , sideloading or full admin?
Well look at my thread with Jason. It is good but has also drawbacks
@julien We are using AppConnect and MI wrapped apps for our Android BYOD devices.
Looking to use it to get rid of Web@Work and be able to Tunnel Chrome in AFW. Still utilize Email+ as the client
@thebjohn if you'd like any assistance I'm about :) (For AE that is)
Docs@Work, Web@Work, Email + for our iOS and Android BYOD devices
@Jason Bayton Appreciate that. I can definitely reach out when I have questions
My colleague has been lead on the AFW stuff, I’ve had other tasks going on
@julien Without some level of management with iOS, how would you deliver certificates for trust/authentication, profiles for VPN/Tunnel/Proxy, etc? Those are the services I’m thinking of off the top of my head. @Jason Bayton For AfW/AfE, how is that agentless? Please share as we’re headed down that path very soon.
I believe we are looking to start our field test by the end of the year before getting approval to rollout
I do like the fact then when migrating to AFW, when pushing out the config, user basically just has to accept, and the Mobile@Work app and whatnot migrate to AFW and don’t have to reregister, that’s a big plus for us
@jafullersr sorry chap I didn't suggest it was agentless, however having the agent in a separate profile from the user's area isn't incredibly far off - no agent messing with the user's device, just a siloed area with very little crossover. Definitely not agentless though all the same.
Do we need a dedicated MAM ONLY channel? ;-)
@julien is there any video where we can see a deployment of your solution from scratch till the end?
@Jason Bayton we had issues with AE and AT&T devices in the US inflating System ROM apps into the AE container (such as Uber, Final Fantasy, etc)
have you seen that and is there an easy fix? We were told by Google to just block those apps but then we are playing a cat and mouse game of knowing which apps
@Martin Cygan Yes. I’m going to post this into the vendor channel. Otherwise I’ll be jailed by the vendor police.
@Kiran Patel from my understanding OEMs have a say in which system apps can be whitelisted for AE. Sounds like ATT are abusing it.
The fix is what Google suggested unfortunately .. but you'll not have to do it often. EMM system app black/whitelists make it easy, combined with something like package name viewer on the device to easily identify the package names you need to block.
I appreciate the conversation. It’s nice to have an active board.
@julien Okay, but you still install a Management Profile on the iOS device. So this would not help @thebjohn correct?!
You have no other choice on iOS 😕 we do install a management profile but only make use of the corporate apps management features. We also tell the users but that’s the furthest we can do to prove our point.
Maybe @thomrburg can chime in on management-less MAM on iOS.
@Martin Cygan With a MAM Solution, no Management Profile as they are not enrolling in an MDM
MAM on iOS will always require a management profile.
@thebjohn I am really curious how you want to protect the data in the app and on the way from the app to the service. Is there no requirement for security?
@jafullersr According to AirWatch that isn’t the case
@thebjohn You can not install Apps outside the AppStore without a management profile.
Authenticating via an on prem Enterprise connector which syncs to their Identity Manager and Workspace One Console, leveraging corporate ADFS and ADS for auth and security
@thebjohn This behavior was changed with iOS 10 and even more with iOS 11. This would be a security risk.
@thebjohn I see where you’re going. No AirWatch then. All vIDM and WS1.
@Martin Cygan Oh we are definitely aware of the risk, Company seems to accept way more risk than we prefer, but ultimately we can’t make that call, only give data and give our professional recommendations
Another area of concern is that there won’t be compliance rules that could apply to your policies in vIDM. So, any device would be allowed in this case. Even jailbroken/rooted. AirWatch is the compliance engine for WS1.
@Martin Cygan Ya, they are way more touchy feely here and all about user experience and tend to put mobile security on the back burner too much, which obviously is frustrating to us.
They will come back as soon as data will be leaked somehow :)
@jafullersr Good Point. I do know Workspace 1 acts as a lightweight agent in a way, not sure if jail broken/root detection is built into that. My guess is no considering that’s an MDM function with agent on the device, but can’t confirm
*Thread Reply:* VIDM can simply connect to Airwatch to check compliance policies so no need for an agent. It’s called adaptive management. We’re going to use this solution for our BYOD light roll-out and users will authenticate using our third party IDP which we’ve added in VIDM.
Have they classified the importance of the data that they are going to allow access to via WS1 and apps deployed there?
And it’s always the higher ups who have the most leniency when it comes to restrictions on their devices, yet hold the most secret data lol, it makes no sense. But, we can only provide data and state our case. Upper management ultimately makes the call. I mean, I don’t plan on having an argument with an Executive lol, wouldn’t be great for my career
@jafullersr At this point no. I have to imagine no PII or secret data will be transmitted via these apps since there is no security, but I can’t confirm. Although an app can transmit encrypted traffic, but using only that is not at all a security best practice
Btw. Do you guys know http://emm.how as I have seen this by accident somewhere. Seems there is some good stuff by those guys published.
*Thread Reply:* Thanks for sharing. I think I’ve seen this before, but lost track of it. Useful.
Until someone there is willing to step up and support the need for a proper security posture on the device, with the content, you’re going to have trouble meeting their requirements.
We lockdown Corp PCs to the max, but when it comes to Mobile devices, they are more touchy feely, makes no sense
I literally just said wow out loud.
@thebjohn Found a blog you might be interested in. Posting the link in the AirWatch channel as it is specific to AW.
Thanks @jafullersr I do not believe I’m part of that channel
@Jason Bayton it depends on what vendors MAM you are referring to. The spirit of some MAM is that it is app level management such as O365 and doesn’t require any management profile. It’s handled at the Azure Level
@thebjohn WS1 has root and jailbreak detection via the SDK
@Mobile Jon Excellent, thanks for clarifying, that helps!
@thebjohn all AirWatch apps support compromised protection. Additionally you can build your WS1 policies to require device compliance which helps also. Check my blog out for more info on an easy and basic WS1 setup
*Thread Reply:* Device compliance is with AirWatch on the backend. @thebjohn I thought your attempts at MAM is vIDM + WS1 only. No AW?
*Thread Reply:* @jafullersr That is correct, MAM with IDM and WS1 only, we will not be leveraging the agent and MDM features
*Thread Reply:* @Mobile Jon With the above note from @thebjohn, compliance engine at the device level would not be possible. Compromise detection would need to be enabled at the console for the app, so where are the settings for these security options in vIDM/WS1?
*Thread Reply:* @jafullersr in the near future VIDM and AW will be merged for the most part. Without AirWatch you cannot achieve compliance. You aren’t going to have any MDM in play at all?
*Thread Reply:* For this solution, no. We will be running our current on-prem MobileIron Solution for MDM moving forward, and would run Workspace One Hosted for non-managed devices.
This will help out a bunch when we make our decisions as to what we are rolling and I start the configurations, thanks a lot dude! @Mobile Jon
@thebjohn my pleasure! I’ve been writing a lot of security focused stuff over the last few months, DLP, security hardening, etc to try to free source mobility education
@Christoph Zin has joined the channel
Welcome everybody. Seems the community is getting bigger ;-)
Also, a warm welcome to @jake and (6 others)!
Hello everyone, Nice to see this kind of communities growing :-) I’m a MobileIron / Airwatch guy with new MaaS360 skills, but first of all someone that loves enterprise mobility!
@NicolasR mobileiron doesn’t exist anymore they’re the Domino of Mobility ;)
*Thread Reply:* Not sure of that ;-) mobility is too complex to maintain to become a commodity...
Hello everyone, nice to see a community dedicated to enterprise mobility! Thanks for the warm welcome, @Woody.
Hello, @NicolasR! Great to have you and thanks for the intro!
@Daniel Pendlebury has joined the channel
Hi everyone, Like Nicolas, I am mainly MobileIron focussed and love that expanding Mobility market :)
Welcome to @Angela, @Yogesh @Mark Vonk, @Manuel, @Jules Jacklin and @Fabian!
Hello @Manuel and @Barrie Codona! Welcome to the team
Blimey, quite the influx over the weekend 🙂 If you haven't already, take a look at the available channels and get yourself settled into a few you're interested in - you can then see and take part in relevant conversations!
New Channel: #app_development - To facilitate conversation around development of apps.
Hello Mr.Woody, thank you so much. Its great to see the Enterprise Mobility group growing strong 🙂
I agree! It's amazing how many of us are out there (and how much the space is growing).
@Ole Schulenburg has joined the channel
Anyone know if SalesForce (SFDC) has the ability to provide conditional access based on the source of the user account? e.g Local vs Federated?
@Simon Elberts - FONDO. has joined the channel
For those who have recently arrived, I’m curious: Whose LinkedIn/Twitter post did you follow to find your way over?
@Woody: I didn't follow any LinkedIn link (although @Martin Cygan posted it) but Martin told me about it at a Technical Symposium in Frankfurt last week and @NicolasR promoted it in our own Slack Channel. 🙂
Splendid! It looks like the Technical Symposium events are going well, based on what I’ve seen on LinkedIn. Happy to hear this Team is coming up in conversations!
We had +28 new teammates join last week. Happy to have you all here!
As we grow, please take a look at the Channels available. We’re happy to create new, consolidate or rename as needed. We will also be creating an Announcements channel, to keep chatter like this out of #general 🙂
@Woody maybe we can consolidate mobileiron & mi_sentry. The latter seems very specific
*Thread Reply:* @Kiran Patel I concur. #mi_sentry is legacy from the early days haha
@Victor Pizzolato has joined the channel
A warm welcome to @burrakus, @Victor Pizzolato and @Paul Conaty!
@Florian Moennig has joined the channel
@Woody MTP channels ? (Lookout, Checkpoint, Zimperium…)
@Amine welcome! those can be created as vendor channels with a v_ prefix.
@Amine Great idea for the MTP channel! We are getting ready to roll out our MTP next month.
I second @Amine as I would love to talk more about Zimperium
@Jason Bayton shared a file: AE-approving apps and commented: Anyone using BlackBerry, Intune/EMS, SOTI or something else, do you get this same weird issue of having to scroll a lot to approve an AE app as I see in AirWatch?
@Amine, @onires53 and @HackediOS - Your wish has been granted 😁
@Philipp Steder has joined the channel
Also, welcome to @Marco Foellmer and @Brett Dal Santo 👋
Anyone taking the plunge and pre-ordering the iPhone X next Friday?
*Thread Reply:* I've pre-ordered the Pixel 2 XL, which I guess is a similar level of fanboyery 🙂
*Thread Reply:* I would be interested in doing a side by side with the Pixel 2 XL, looks pretty slick
*Thread Reply:* I need to check and see what’s included as part of my iPhone Upgrade Program…
*Thread Reply:* I’m with T-Mobile and already eligible for Jump, just have to wait for the preorder release. I ended up getting the Wife an 8.
*Thread Reply:* I’m evaluating making the jump to TMo right now @thebjohn. How’s it been thus far for you?
*Thread Reply:* Really looking forward to the Netflix and free GoGo WiFi on Delta (albeit still slow as dial-up)
*Thread Reply:* Here in The Mitten, I’ve had no issues with T-Mobile. My family back in Phoenix complains they have issues, but I’m not there anymore, so I don’t care 🤷‍♂️. Ya they are good with those types of incentives. “Unlimited” data has been a life saver for me, 8-10gb average usage for me monthly
*Thread Reply:* We use WiFi Cellular almost exclusively and when we travel it’s not to anywhere too far off the grid, so I figure we’ll be okay there. We’re on VZ unlimited now and I agree, we go crazy (because well, we’re paying for it)
*Thread Reply:* If you are paying for it, may as well take advantage of it!
*Thread Reply:* I was looking forward to comparing the two also as a former colleague was getting the X..
But he backed out this week :(
*Thread Reply:* Backed-out as in left the firm? #Quitter
*Thread Reply:* Decided not to sink into further debt I guess :p
*Thread Reply:* He was a former colleague before this already 😁
*Thread Reply:* I’ll be up at 12:01 buying two iPhone X
*Thread Reply:* Keep 'em in rotation @HackediOS? 🙂
*Thread Reply:* But of course @Jason Bayton!
*Thread Reply:* You can send one of those 2 my way for testing purposes @HackediOS
*Thread Reply:* @thebjohn I would but they’re actually going to be in use :)
*Thread Reply:* Go big or go home @Russell Mohr 🤘
@Gabor Heinemann has joined the channel
We’ve got new channels for specific vendors, if you’d like to join in those conversations: #vgroundcontrol #vcheckpoint #vlookout #vwandera #vzimperium #vappaloosa
Worth pointing out at the moment some of the vendor channels don't have vendor reps - just in case you wondered 🙂
Lookout and Zimperium have now :-)
We’ll see if we can locate some. It’s only fair to have someone on board for each 👍
Jean Christophe here from Lookout. Glad to be part of such a skilled team and eager to contribute
If you haven't seen it already @jcpru the #v_lookout channel is already up and running 🙂
I'm Luc, I come from Paris and I work with Nicolas RAISON
Would anyone benefit from a Channel focusing specifically on Office 365?
*Thread Reply:* Okay @Amine - Let’s use #microsoft for EMS and add an #O365 channel for anything specific to that service
@Steffen Schlueter has joined the channel
@Daniel Eiler @Thomas H. @Dennis Dorst welcome! 👋
@Matthias Eberle has joined the channel
@Laurent MARECHAL has joined the channel
Ha, a small influx on a Friday morning 😎 welcome folks!
@Christian Jucker has joined the channel
Nice to have slack now also for this !
@channel Please check the available Slack-Channels here!
@Christian Hübner has joined the channel
Anyone missing Telnet after you upgraded to MacOS High Sierra? HomeBrew to the rescue! https://dor.ky/restore-telnet-in-mac-os-high-sierra-10-13/
*Thread Reply:* It was a 32-bit app, @NicolasR and was holding us back, LoL. Fortunately it can be brought back via HomeBrew or searching through a time machine backup.
Anyone decent with Photoshop? I'd like to knock up a proper logo for the community. Join me on #meta to help!
Useful list! (Disclaimer: it mentions me 😊) http://www.brianmadden.com/opinion/All-of-Jacks-favorite-enterprise-mobility-management-articles-and-resources-updated-for-iOS-9
*Thread Reply:* Awwww yesss I'm there too!
@Joerg Hochwald has joined the channel
Anyone here using Cisco Legacy AnyConnect?
The reason I ask, it seems it was pulled from the AppStore temporarily, and will be back in a day or 2. If anyone is publishing this in their AppStores, just an FYI
Interesting @thebjohn. Any justification as to why it was pulled?
Not entirely sure. They only posted this:
https://m.facebook.com/story.php?story_fbid=2056564121082217&id=167074500031198&__tn__=%2As%2As-R
I’m guessing maybe they published a new version with issues and pulled it, rather than waiting on a fix, but I cannot confirm that.
Anyone knowledgeable with the Google API stuff? I've spent ~3 hours trying to figure out OAuth 2 via curl so I can play with this Android management API and getting nowhere.
@Jason Bayton I would highly recommend using POSTMAN over cURL. POSTMAN has built in support for OAUTH 1.0 and 2.0.
@Travis Beech thank you, I do have it installed, however I'd like to integrate it into a very simple webpage, in which case PHP+cURL seems like a natural fit.
I see. I thought you were just testing the API's out 🙂
I used the API explorer they offered on the quickstart for that 🙂
@Sascha Spangenberg has joined the channel
Raise of hands to who pre-ordered the iPhone X today? I’m one 🙌🤘
We have 6 coming our way. Just got confirmation that the order was in yesterday.
Through Apple? I had to go through my carrier, so I have to wait 6 weeks or so 😩
@Jason Bayton Although I bought five, none of it was my money and in the process, I got one of them for myself for free :)
@thebjohn I bought all five through the Apple Store app on my iPhone 7+ using Apple Pay
Ah well that's a different matter then.. happy days and congrats I guess 😁
Happy Monday, folks 😎
hey Russ, you were on my list of people to ping this morning. How are you?
@Jason Bayton Sorry Jason. Woodland was slow on the invite!!!
We just needed time to make sure this was worthy of @Paul Troisi before the invite went out 😉
WOW!!!! The pedestal is real high this Monday morning Eric! Txs
https://www.theverge.com/2017/10/30/16570244/google-pixel-2-xl-poor-audio-recording-quality
Still have the price of the iPhone X I pre-ordered though….
and https://www.theverge.com/circuitbreaker/2017/10/30/16569368/pixel-2-empty-packaging-wired-pixel-buds
*Thread Reply:* And again... https://www.reddit.com/r/GooglePixel/comments/7a7jec/finally_got_my_pixel_2_xl_today_only_it_was/
*Thread Reply:* the pixel is the only device that could make me switch from an iPhone, but it’s not going to be this year
*Thread Reply:* I’ve got a Nokia 8 on the way for some Android enterprise testing, their kit is super vanilla and I’ve got a feeling it might be enough to satisfy my requirements.. though I’m still after the Galaxy to test Linux.
Ouch. Still plenty of time to make it right. Provided they don’t discover they’ve got batteries exploding…
Meanwhile, I’m still enjoying the original Pixel unit.
*Thread Reply:* Ditto, @thebjohn! We’ve got a #CandyOverload here and we haven’t even been out to see the neighbors.
That's what happens when you go Trick or Treating at the local college Eric!
@Wolfgang Bauer has joined the channel
Has anyone looked into management capabilities of AR/VR devices (like HoloLens), if so, does it provide capabilities worth managing? (WiFi configurations, app deployment, patching, security)?
Or any Windows 10-based AR/VR platform for that matter
You can brand them up quite well with a 3D company logo taking up 2/3rds of your view. Innovative stuff 😄 (no I haven't looked into it)
Lol. Well, we are tasked with looking at capabilities of management, and if it would be beneficial to do o
I believe, but do not hold it against me when it's not correct, that as of Windows 10 v1703 (Creators Update) the default (or a subset of the) MDM capabilities within Windows 10 work on the HoloLens. Check: https://docs.microsoft.com/en-us/hololens/hololens-requirements
Thanks for the info! I’ll definitely look into this
*Thread Reply:* OMG. What happened between Pixel and Pixel2?
I can’t help but laugh at this point
Is that what you call "QA at its best"!
We don’t have a Google/GMail channel per se, so feel free to post your question up in #general 🙂
/poll You’re stranded on an island. Allowed one last conference call to arrange a rescue. Which communication suite would you use? “Lync aka Skype For Business” “GoToMeeting” “WebEx” “Google Hangouts” “Other”
/poll You’re stranded on an island. Allowed one last conference call to arrange a rescue. Which communication suite would you use? “Lync aka Skype For Business” “GoToMeeting” “WebEx” “Google Hangouts” “Other”
/poll You’re stranded on an island. Allowed one last conference call to arrange a rescue. Which communication suite would you use? “Lync-Skype For Business” “GoToMeeting” “WebEx” “Google-Hangouts” “Other”
/poll You’re stranded on an island. Allowed one last conference call to arrange a rescue. Which communication suite would you use? “Lync-Skype” “GoToMeeting” “WebEx” “Google Hangouts” “Other”
/poll You’re stranded on an island. Allowed one last conference call to arrange a rescue. Which communication suite would you use? “Lync-Skype” “GoToMeeting” “WebEx” “Google-Hangouts” “Other”
Eric mate, my phone is going mad with these polls
Yeah - The Poll app apparently doesn’t like spaces in the options
I ask, only because WebEx VoIP audio has been pretty unreliable over the past week or two
If the island supports VoIP I may not need a rescue.
*Thread Reply:* I almost made a vote entry for something like that, LoL
I think it’s fair to say that a conference call would not be my go-to form of rescue request mechanism.
@Jason Yeah, I was just wanting to play with Polls. I was more or less getting at “which do you feel is the most reliable” of the mainstream offerings
*Thread Reply:* None are brilliant alternatives based on my usage of them. Where’s my message in a bottle option? 😉
*Thread Reply:* Good one! If only I could update the poll on the fly. May have to look for an alternative plug-in that offers that feature.
*Thread Reply:* I’d like the Message In A Bottle option, but also one that will include a performance by Sting and The Police
*Thread Reply:* I like that song, but never understood the line “A year has passed since I broke my nose…” (listen carefully!)
*Thread Reply:* I concur. He probably needed filler material for that particular part of the verse and, well… that did the trick
Ha. Pixel ain't alone any more!
https://thenextweb.com/apple/2017/11/10/iphone-x-displays-plagued-mysterious-green-line-death/?amp=1
*Thread Reply:* Aw, snap! Fun time of year to be starting that process.
*Thread Reply:* Not in the Mitten. Which may play to our favor though
*Thread Reply:* Anything specific you’re looking for, besides kid friendly with more room, etc?
*Thread Reply:* Basically that. 4 bedroom 2.5 bath and if a finished basement, excellent, if not, big enough to finish for a man cave
*Thread Reply:* I ordered a note 8. Not anywhere near as exciting as a new house though.
*Thread Reply:* Yeah @thebjohn you’ll be set with the 4BR 2.5BA and a finished/partially-finished basement
*Thread Reply:* As long as the price is right in a good area, that’s the stressful part.
*Thread Reply:* Let me know how that 8 is @Jason Bayton . I’m still loving my X so far
*Thread Reply:* I’m gonna go the X route as soon as we get transferred to T-Mobile. Since work provided a Pixel, I’m good on the Droid front for the time being.
Live in New England! Leaves, leaves and then some more leaves!
Curious: Has anyone looked at Samsung’s EMM offering? https://www.samsungsds.com/us/en/solutions/off/emm/EMM.html
*Thread Reply:* They're setting me up with a trial imminently.
*Thread Reply:* Actually, I think I recall seeing this on one of your recent LI posts. Right?
*Thread Reply:* Yup! They'd told me something was launching a couple weeks back but weren't heavy on details. Now we know!
*Thread Reply:* I suppose Apple might as well launch their own MDM. File under “Everyone Else is Doing it”
*Thread Reply:* This is replacing their previous EMM - IAM MDM (or something like that). But yes agree. Sony has one too don't you know
*Thread Reply:* Everyone is trying to get market share in this space
*Thread Reply:* We had a meeting with Apple and it definitely sounded like zero desire to get into that space
*Thread Reply:* Samsung told me many times, they do not have (big) customers using it! Do not believe Apple would ever do things like that.
*Thread Reply:* Yeah - We saw what happened during the first MDM boom - They either all went belly-up or were acquired. IdK why Samsung thinks we need yet another offering
*Thread Reply:* They will make something in KNOX proprietary to their MDM to entice people to move to it, just a guess
*Thread Reply:* @thebjohn There will be a very big change with OREO in Knox v3.0, so I would not expect things like that 🙂
*Thread Reply:* Yes, we have set it up multiple times. For specifically Samsung devices it's OK. For example if you want to do KNOX workspace or KNOX MDM APIs (former SAFE). For generic Android (AfW) and iOS, the product is lagging some important features.
*Thread Reply:* Samsung MDM offering is absolutely a mess... even non mature customers rejected it!!
*Thread Reply:* (Bugs, not easy to set up/understand and also their connector requires some domain admin permissions to bind the domain)
OnePlus 5T launches today. Anyone interested? Opinions on the engineering backdoor they've been leaving in? (sigh)
*Thread Reply:* My son used to rave about OnePlus, their themes, the Oxygen OS, etc., though after a couple of years using them he now wants an iPhone again… (He’s almost 19, if that makes a difference?!)
*Thread Reply:* I think there's still a big following but the charm is wearing off as they up the price every release.
*Thread Reply:* Interesting. Thinking that back door left in will probably steer a lot of folks in other directions.
*Thread Reply:* Absolutely. Intentional or not there will be those who will lose all trust. O+ are either reckless or pretty awful.
It's not a massive issue given from what I've seen it requires ADB to activate it (tell me otherwise..) but we need better.
*Thread Reply:* Agree. In this day and age, it’s tough to think releasing a product with inherent/documented security risks would be found to be acceptable.
Curious: Do we have anyone here using CBA for auth with Exchange CAS?
*Thread Reply:* Obviously there has always been Kerberos Constrained Delegation. Curious if anyone is cutting-out the Kerberos and just having the client authenticate directly using an Identity Cert.
*Thread Reply:* I prefer Sentry blocking non-compliant devices to removing complete configurations from the device. Or would you use Integrated Sentry in that scenario? Or MI Tunnel?
*Thread Reply:* Can be done, but not tunneled through the Sentry. So you either need to publish a CAS on the public internet or use a LB of some sort to handle this (f5, netscaler).
*Thread Reply:* Ps I never really use Sentry block as the data remains on the device. Using Quarantine options, you remove the certificate and data and thus stop non compliant devices
*Thread Reply:* I like to have both options available depending on the type of violation. Quarantine means the mail config is re-pushed, removing all user-configured settings and performing a full sync.
*Thread Reply:* Honestly - If you’ve got KCD/CBA, removing and re-push/re-sync isn’t bad (provided the customer has a small default sync period). I get leaving mailbox data on the device, but losing it all together would drive most into correcting the problem.
@Marco - ISEC7 Group has joined the channel
@Axel - BlackBerry has joined the channel
Ahhh. that lovely feeling of closing out one job… having a few days of rest before starting a fresh role!
*Thread Reply:* Indeed! I think Vodafone is starting to wobble now under the lack of product development, so I thought i’d make a move before things got messy.
*Thread Reply:* Must've been a while in the making with their 3 month notice, unless that's not required elsewhere. Where are you headed?
*Thread Reply:* 3 months toiling away and ticking off the days indeed! Will PM you otherwise i feel a sales influx of DMs!! lol
*Thread Reply:* Wow, a 3 month notice! Is that typical with just Vodafone or across the board in their region?
*Thread Reply:* In vodafone 1 month is standard, 3 months is also standard when you're a certain band or above.
*Thread Reply:* Ah, okay! Yes, that seems fair to all involved parties.
*Thread Reply:* When you're special like myself and @Simon Hardy-Bistagne, you can't avoid that 3 months 😛
*Thread Reply:* It’s nice someone thinks we’re special @Jason Bayton !
@Simon Hardy-Bistagne Nothing better than the thrill of a new challenge. Wishing you all the best in your new venture Simon!
https://techcrunch.com/2017/11/28/astonishing-os-x-bug-lets-anyone-log-into-a-high-sierra-machine
I'm guessing most have seen this by now. That has to be hands-down the best balls up I've seen in a while!
I’m sure they will have a fix out super quick
Can you set a password for Root to get around this in the meantime?
Fix is out for Mac already.
/poll “Are you going to Mobile World Congress 2018?” “👍” “👎” “🤔”
I would love to @julien - Unfortunately, I think we’ve got a fair amount of coverage in the Barcelona area so the local guys will get first dibs 🙂
hehe understood. I wanted to set up a meetup with this slack workspace to get in touch in person for once!
That’s a great idea @julien - Would you like to create a channel to facilitate conversations about Mobile World Congress 2018?
*Thread Reply:* I'd certainly like to, though imagine it won't be a million miles off my Asus Chromebook Flip with Android app compatibility
*Thread Reply:* How’s ChromeOS looking in terms of management?
*Thread Reply:* It's on my list to test, but absolutely zero interest from customers to date
*Thread Reply:* Gotcha. Nice looking devices. Would like to get my hands on one as they mature for Enterprise use.
BlackBerry/Good forums are closing so there will be a few of my contacts joining the group soon.
Welcome Matt! Plenty of experts in here ;)
Great to have you. Did you find us on your own or invited by a fellow colleague, etc?
LoL - I wasn’t sure if he was specifically invited by @Damian - I just knew there could be folks coming from the BB/Good forums
@Damian and I have had many discussions at the old forums. I am happy to be invited.
Let’s say @Matt Cooper and I were some of the few vocal ones ;)
You may want to reach out to Mick Flannigan as well.
You can invite him sure - I’ve met Mick a few times
Curious - Does anyone subscribe to podcasts for Enterprise Mobility? If yes, care to share? If not, interested in creating one?
*Thread Reply:* Just brainstorming. Something to recap what’s going on in the EMM arena for those who aren’t able to join, don’t have the time, or have long commutes and need something to bide the time
*Thread Reply:* That sounds cool. I'd be up for taking part.
*Thread Reply:* A former colleague of mine is a member of the Network Collective http://thenetworkcollective.com
*Thread Reply:* I kind of like the approach they’ve taken
*Thread Reply:* Just food for thought. I think this could be great for 2018!
*Thread Reply:* I’d be happy to host it, on enterpriseios.com. Android welcome too.
*Thread Reply:* I will take a look later as well. I have a very short commute, but it would be something I would listen to while working down in my shop on decidedly low tech stuff.
*Thread Reply:* If we do get a few projects off the ground we'd do well to get something public set up I think. Even a simple landing page would do as a place to link to off Slack.
*Thread Reply:* Oh, absolutely. I think perhaps it would make sense to have a couple “staple” hosts, then invite members from this team in, depending on the subject matter, etc.
*Thread Reply:* interested
*Thread Reply:* Great idea. I am interested.
*Thread Reply:* Did you guys ever manage to get this going?
*Thread Reply:* Not just yet @Damian. Are you still interested? I want to, but my schedule can’t take on any more until March or so. Buying an older home has my nights/weekends tapped-out
*Thread Reply:* @Woody I’m interested too.
*Thread Reply:* Still interested here. @ a new gig over at Okta, so getting the ropes down and then I can jump back in
*Thread Reply:* I hope it goes well for you there.
*Thread Reply:* Thanks @jafullersr - It’s been fun thus far!
*Thread Reply:* Hey folks, did this ever happen?
*Thread Reply:* I don’t think there are any podcasts out there that deal with pure mobility
*Thread Reply:* Let’s make something happen?
*Thread Reply:* Okay - I think we can make this thing a reality. I think we should follow in the footsteps of my friends over at Network Collective - https://thenetworkcollective.com
*Thread Reply:* Legit site for presence, with information about who contributes, links to videos, social media, etc.
*Thread Reply:* I hear @thebjohn will have some free time for a couple weeks, LoL
*Thread Reply:* Maybe in a couple of weeks 😁. This new gig has been crazy hectic out of the Gates. I’ll get the hang of it quick!
@Jay has joined the channel
*Thread Reply:* Thanks @Jason Bayton it’s great to be here! 😉
delinquent days of channel takeovers on EFnet 🙂
Hey @Yoni Toorenspits! Yes, it is certainly reminiscent of IRC. EFnet, wow! Haven’t heard of that in years.
by far not enough bots here to provide the real IRC feeling
Welcome @Yoni Toorenspits good to see more of the Goodberry faithful arriving 😂
not going to use the machines just want the black keyboard mouse and cables
@Preetham Guram has joined the channel
Hi @aaron, thank you for the invite.
Hey @Preetham Guram good to see you 😉
Hey @Martin Cygan 😊. Like they say, “Birds of a feather flock together”
Blackberry announced the End of support for the Priv... 2 years after release, with Marshmallow installed on it
*Thread Reply:* Honestly not too involved in the blackberry side of things, though I do wonder what they've done to Android that allows them to claim it'll be secure without patches..
They have their own Mobile Threat Defense app on it ;)
It's done, the community.blackberry.com site is no longer available.... 😤
*Thread Reply:* Yup I believe I got the last post.
Has anyone already upgraded from UEM 12.7.1 to 12.7.2? Just did it in our test server and direct connect stopped working...
@Nabil you should post this in the BlackBerry/Good channel
@Yoni Toorenspits @Matt Cooper you guys seen this issue? We’re using the standalone dynamics so I can’t really help...
and fyi, i've seen an upgrade wipe the keystore settings of the GC database for the GP servers
manually adding them back to the properties table should fix the issue
ah found the channel, i'm new to Slack
@Matt Cooper i'm surprised to see your name missing from the #goodberry channel
*Thread Reply:* @Yoni Toorenspits shows me as joined. The reddit site is dead.
who in their sane mind buys BlackBerry devices? 😎
*Thread Reply:* I agree. But Blackberry has extended support for two more years
BlackBerry has been going down the shitter for years and nearly cost them the company
now they are back on track by buying up some companies with proper software solutions
BES12, i mean UEM has been getting really Good since they bought Good
but man, BlackBerry devices... especially nowadays since they licensed it to TCL
Check my response in the Goodberry. @Rob H has seen this.
I invited you there. it seems when you invite someone, they auto join.
*Thread Reply:* Must be @Yoni Toorenspits thanks for the invite.
@Dave van den Bergh has joined the channel
Merry Christmas and Happy New Year folks! Thanks to all for helping build the best EMM community around :)
Merry Christmas and Happy New Year for all my interweb friends. Glad to be here.
Enjoy and be safe everyone. Merry, Merry and HNY!
Happy Holidaze everyone from NYC
@Damian uploaded a file: Merry Christmas from Paris!
@macbentosh uploaded a file: Image uploaded from iOS
*Thread Reply:* base models…They didn’t need more..They wanted them for the color
*Thread Reply:* And the graphics go up to 16gb right?
*Thread Reply:* That's nice; I just revived my hex-core rig with a new board and octacore CPU after it cooked in summer. Only 4gb graphics though 😛
Happy new year all! Question for you all; we have not seen a lot of Mobile VDI (VMI) actually being implemented. Customers pretty much want mobile apps, not VDI. Is this actually still a thing in your area? Are customers still requesting mobile VDI? With XenMobile, this seemed to be a thing a while back, but it does not seem to evolve further. Can't say I know enough about AirWatch and the VMWare integration. Anyone has some experience, customer requests, insights? Thanks!
I’ll stand up here (and be ready to be shot too). I met a couple of organisations who were deploying VMI, yet having issues. One in particular was failing to make the connection between the mis-matched user experience (i.e. VDI typically being better with mouse - tablet being more touch) and the lethargy from their users not returning (or refusing to return) the trusty laptops. Unless someone can offer evidence to the contrary, I struggle to see how this can be useful. Fail to deliver a good UX, fail to deliver a project, IMHO
Happy new year everyone 😄
Thanks @Paul_O, I tend to agree. User experience seems to be the main issue. Was just curious if anyone had any success stories or potentially sees growth. If not, the question is what the real value of Citrix XenMobile and AirWatch in WorkSpaceOne is?
Happy New Year everyone! Wish you the very best for 2018. With a new year upon us, I would like to get this target-rich audience of Mobile Specialists to free-flow their thoughts about what 2018 holds for us. This is simply to get a thread going to share thoughts, ideas, and vision across multiple disciplines in the mobility space. For instance, I personally believe that the mid-market will FINALLY come around to clearly recognizing the true value of a solid mobility strategy, front to back. I also think this could be the year MTD/MTP is accepted as part of a larger strategy, as potential acquisitions will help validate it like it did with MDM/EMM 3+ years ago. There is my $.02!
*Thread Reply:* …need more ☕ before responding, @Paul Troisi. However, I do agree regarding the mid-market provided we continue to drive the overall value of EMM/UEM upwards.
The question is: What else in 2018 will continue to drive that value up?
Anyone decided to up their minimum iOS version to 11.2.2 to help remediate Spectre and Meltdown?
*Thread Reply:* We sent communications to all our Corporate devices requiring the upgrade. And strongly suggested for our BYOD devices.
Depending on the customer; yes, some of them did. But only the most security-concerned customers
Already posted to Android channels but for posterity... We’ve got a new MobileIron podcast on Android for anyone interested.
https://www.mobileiron.com/en/smartwork-blog/evolution-android-enterprise-part-1
Hey! Do you know if it’s possible to install a paid app using the Apple AppStore and convert it to managed without VPP? thanks!
It's the same as a free app isn't it? Just the payment requirement between.
It seems that it’s not working but I don’t have the ability to test quickly so I’m asking if some of you already did that...
I think what Jason is saying, taking over management of an app is the same whether it’s free or not. Do you have it set as managed in your MDM? Have you set your MDM to manage the app if it’s user installed rather than installed via the MDM’s app storefront? I can’t say I’ve managed individually purchased apps, we have taken over management of redemption code purchased apps.
Haven’t tried with an individually paid app but I would think it should work
iOS Apps which cost money can only be distributed as managed when using VPP, therefore I'd rate this as a prerequisite. iOS will not allow the conversion without VPP.
I think it’s not correct. I have one case where the users already bought the app in the store and I provide the app without VPP in MDM AppStore as a managed app and it asks to convert the installed app into managed.
I do believe that is accurate, @Robert R.. It seems the Convert option existed before VPP was widely adopted and that the two are not dependent upon one another. It’s just been awhile since I’ve dealt with a Non-VPP instance.
I agree as well. The OS doesn't really know if the app is a paid for app or not, it doesn't care (iTunes is the one that would really know if it was paid or not). If an app doesn't have that "managed" flag enabled, an MDM can be configured to take management of that app. In MaaS360, it's done by actually having the application distributed to the device. Having VPP would also do the same.
@Robert R. You are correct. Managed is only a flag on the app. VPP is a method of purchasing apps in bulk for distribution, typically via an MDM. The two can be mutually exclusive. When the MDM requests from the device that it mark an app as managed, the device will prompt the user that your MDM is asking to manage the app. This is typical and expected.
No MDM can invisibly manage an app that is installed by a user. It requires their consent to do so. If the app is installed by the MDM, it can manage the app based off of an option to do so. It isn’t required that the MDM manage every app it installs. However, you do want to manage the app if you wish to remove it and its sandboxed data upon un-enrollment (enterprise wipe).
The user interaction is expected, I totally agree. But installing an App as managed, which has to be purchased, requires VPP.
> When a server requests the installation of a managed app from the App Store, if the app was not purchased using App Assignment (that is, if the original InstallApplication request’s Options dictionary contained a PurchaseMethod value of 0), the app “belongs” to the iTunes account that is used at the time the app is installed. Paid apps require the server to send in a Volume Purchasing Program (VPP) redemption code that purchases the app for the end user.
https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html#//apple_ref/doc/uid/TP40017387-CH3-SW52
Converting an App is the same as an installation, from the MDM protocol point of view.
The app can belong to the user, but still be managed. All non-VPP apps belong to the user iTunes account don't they.
All non VPP Apps belong to the user. No matter whether they cost money or not. That's right. But shifting such Apps, which cost money, into the iOS managed space requires, according to the above documentation, a VPP token.
Does anyone have a fresh device by hand and probably some time to test this? 😄
Easy enough test, just added the app I already had to the Core and selected it to convert the app to a managed app.
Seems the Apple documentation is not accurate 😄 Thanks!
Analysis of our aggregated and anonymised IronWorks customer data shows that most devices are still unpatched against the recent Meltdown and Spectre critical vulnerabilities.
@Jason uploaded a file: Meltdown Patch Status (12 Jan 2018)
(IronWorks is our MobileIron management reporting solution - more details at https://www.bridgeway.co.uk/ironworks if you’re interested)
In fact, this led to further investigation, a blog post and a press release that all went live today: https://www.bridgeway.co.uk/blog/only-4-percent-of-enterprise-mobile-devices-are-patched-against-meltdown
Just created a new room for Apple and posted a topic in there if anyone would like to contribute? :)
*Thread Reply:* I do not see it. Am I missing something?
@lovelessinseattle has joined the channel
We have looked at several VDI type solutions and feedback from our customers is no. They want mobile apps. They do not even like using the Microsoft Web apps.
We are looking at Appdome. Problem is getting vendors to play nice. They do not need to write in an SDK, they just need to supply an updated binary in Appdome's library. Then we would fuse it ourselves. Supports quite a few vendors. Airwatch, Blackberry, and others.
Hi folks, CWSI and Google are running a Mobile Thought Leaders event in Google Dublin on the 2nd of Feb if anyone's interested in coming along. https://cwsi.ie/state-enterprise-mobility-2018/
@Christian Bell has joined the channel
Welcome @Joey Gleason @aaron4mobile @Tschoe @Pierre and @Christian Bell! Nice little influx of users recently! :)
Anyone heard of or going to the Roomn ‘Mobility event’ in March?
*Thread Reply:* Looks interesting, but after MWC my next ticket will likely be out the door if I ask for any more international events
*Thread Reply:* https://en.roomn-event.com/ March 6-8 in Monaco
*Thread Reply:* Yeah I've been "invited"... just wondered if anyone knows the event or the benefits
*Thread Reply:* A couple nights in Monaco sounds pretty beneficial to me!
*Thread Reply:* @julien can tell you more about it, as we participated last year
*Thread Reply:* I think my follow-up question would also be how French-language heavy is the event too.
*Thread Reply:* We have attended last year. The only positive thing is that we had a good time clubbing with customers and partners. For everything else than that, you can avoid.
*Thread Reply:* Not sure if this isn’t actually an incentive for you guys to attend 🤔
*Thread Reply:* @Simon Hardy-Bistagne where are you in France?
*Thread Reply:* Living in Marseille, but in our Paris office every other week.
@Binitha Anil has joined the channel
I'm having a lot of fun with these. Had to knock the mics off though as they were freaking out trying to decide which one gets to respond to me.
Anyone have thoughts on cleanup/consolidation of channels?
The Google experience is so much better than Alexa... If only I could connect more than just my Gmail calendar to it...
going to try and get a wifi profile on a homepod next week
Not at all @macbentosh. Don't think I've seen any indication they can be managed!
I mean, we joked about the whole backdoor in Centaur for the government thing being a joke, but...
Welcome to @Jorge Escala and @Steven Parker!
Do any of you have regular interactions with “industry analysts”?
Do you put much weight in their opinions?
Are there any particularly good people out there or on the flip side who to stay away from??
I’m just interested to hear your thoughts... I’ve plenty of experience with Gartner, idc, Forrester, and Ovum... but I’ve been seeing others out there offering up their “expertise”.
We had Gartner talk to us at one point. The only thing it really did was confirm my points to upper management (funny how much more weight is given to the 'outsider'). I think the best option is to talk to all your peers (not necessarily in the same vertical, but at the same size/deployment).
*Thread Reply:* I agree. Analysts are a necessary evil. Peers are better for real world validation, but the higher-ups always want to hear from the analysts.
Simon, I have a couple analysts that I am friendly with out here in Boston. One of which we get together to talk about the trends that we are both seeing in the industry. This also offers a great opportunity to hear what they have to say and they get to hear what you see. I don't hinge on every word, but often good to hear from a 3rd party about topics you may have over-looked. I also have one that contacts me frequently about major topics and wants to hear an opinion from those that are hands-on in the field. Recently gave an opinion on the battery debacle with Apple. Good to be viewed as an industry insider as well. Just my $.02
So... I'm on the look out for a company who can provide and maintain a vending machine full of IT peripherals (think chargers, cases, USB cables, car kits, keyboards, mice, etc) on a number of my corporate sites.
Ideally to link up into either a system that bills the company or the internal salary sacrifice systems as well as taking cards.
Kind of like those machines you see in the airport selling headphones and SD cards.
Does anyone know of such a vendor out there?
Try this out @Simon Hardy-Bistagne https://www.ivm-vending.eu/ This is what we are using. They aren't the best but it's a starting point.
Where are the Corp sites @Simon Hardy-Bistagne ?
Global, (of course!) but pilot would look to be Paris and/or Grenoble, and if successful then a phase one within EMEA and potentially the US.
I’m visiting a partner in the Midwest US that does this (among many other things) but I don’t think they have a big enough global reach. I’ll ask discreetly and let you know if they do @Simon Hardy-Bistagne
@Unifiedmobility has joined the channel
@Alex Bleisch has joined the channel
@Ronan Le Gallo has joined the channel
Blimey look at all the new members! Welcome @Brian Zimmer @Unifiedmobility @Aul_Well @Stefan Terelius @Jerome Pascal @Dwight Harper @Eric Bos @Alex Bleisch @Simon @zhenglei @Ronan Le Gallo @adamo and @Rob Owen! 👋👍🤩
Thanks @Jason Bayton and @Simon Hardy-Bistagne
@Bruce Wittenmyer has joined the channel
@Radek Hanak Ficbauer has joined the channel
@Guy Bachelier has joined the channel
I've a question, I would like to ask you for any documentation about MaaS360, especially about MaaS features. Do you have anything like that?
*Thread Reply:* Hi Tomasz, sure for all Technical Documentation we have the IBM Knowledge Center https://www.ibm.com/support/knowledgecenter/en/SS8H2S/com.ibm.mc.doc/mc_collateral/mc_landing.htm
*Thread Reply:* Also we have the public community site here: http://www.ibm.com/developerworks/connect/maas360
*Thread Reply:* Also I’ll add you to the MaaS360 channel
Saw this on LinkedIn and had to share...
Me: What's the Wi-Fi password? Barman: You need to buy a drink first. Me: Okay, I'll have a beer. Barman: Is Fosters okay? Me: Sure. How much is that? Barman: £3. Me: There you go. So what's the Wi-Fi password? Barman: you need to buy a drink first. No spaces, all lowercase
Curious - Has anyone tried or actively using AppDome? https://www.appdome.com
Same as Jeremy. Currently testing AW SDK integration into an APK for a customer, not a success at the moment but not sure it’s Appdome’s fault. Currently working their support, will keep you posted.
*Thread Reply:* That sounds good! Thanks for the feedback @Amine
*Thread Reply:* hi Amine, I would be happy to help you with your issue fusing the Airwatch SDK. I am meeting with our support team tomorrow, so i could look into this for you. feel free to fwd me details at alan@appdome.com
Hi All,
I have a requirement from one of our clients to utilize a .PFX cert as a device identity cert for WiFi authentication but the EMM solution they have bought doesn't support .PFX file distribution. >.<
I managed to work around this limitation for their iOS devices by creating a profile with Apple Configurator 2.5, exporting it and uploading it as a .mobileconfig file.
My question is, is anyone aware of a similar configuration tool for Android devices that I could use to perform this function?
@Aul_Well does the service support p12 files? If so you can easily convert a pfx to p12, when you open the PFX does it contain several certs?
^^ This. PFX may even contain a private key too, so it really is an ugly format and can lead to inadvertent security gaffes. Best to translate (e.g. with openssl) to CER and PVK formats.
*Thread Reply:* Hey, Sorry for the slow response guys.
@Jeremy The solution doesn't support p12 unfortunately, which is where the issue is arising.
@Jason The PFX does in fact contain the private key. The client is aware of the security risks involved with this method but is currently emailing the cert to device users anyway. I have advised them that integration with their CA to allocate and distribute SCEP/NDES would be a much preferred method, but currently their CA is 2 years out of date.
*Thread Reply:* Oh wow, that’s concerning. I guess I’d be tempted to give up at this stage. Ask them to turn it all off and put it all back in the box it came in? Perhaps they don’t deserve a mobile security solution after all?
*Thread Reply:* haha I don't think the sales team would be too impressed if I did that 😛 I've managed to prove it as a PoC with iOS for now but I ended up just advising them that the CA would be required for iOS
I really wish there was a tool like Apple Configurator for Android devices! >.<
Maybe I'll build one and become rich 😛
That’s the great thing about standards, there are so many to choose from…
Anyone have customers/users in Egypt? We have received reports that users there are not able to connect to our servers. A client Diag shows no connections via DC or relay and I'm trying to find out if it is just us. Thanks
Come on......who let @Matt Carter in here? Sorry Matt, couldn't resist!!! 🤣
If so, do you have any training material for it?
@Damian I’m not, but the Candidate Handbook is helpful to know what domains will be addressed in the exam. Did you download that already?
@Sures Velauthapillai has joined the channel
New iOS 11.3 podcast with @aaron now live at https://www.mobileiron.com/en/smartwork-blog/podcast-apple%E2%80%99s-ios-113-release-ready-business
where is Mobile Application Management in 9.7
Anyone know the official name for the device setup process on Android? i.e. device setup on iOS is officially ‘Setup Assistant’. Does the Android equivalent (particularly: the non-OEM Google account parts) have a name?
I believe it's simply the "Google Setup Wizard" but I've seen it referred to as the "Android setup wizard" too
Looking at the name of the app itself... It's called com.google.android.setupwizard
@Benjamin Orsini has joined the channel
Folks, just checking in from an admin perspective.
Is everyone generally happy with slack? Would anyone choose another solution for the 200+ members we've now got on board?
I've been pondering how this will scale..
*Thread Reply:* Slack has been fine for me but I'm not a heavy participant here. I'd be happy to see about other mediums if there is another platform that would work better.
*Thread Reply:* Slack is good but soon may reach the limits of the free tier. Discord could be an option
*Thread Reply:* We’ve surpassed the limits already, as far as I see it’s only message history we lose. That does mean solutions to questions and whatnot will eventually get lost though.
Discord, Discourse or Rocket.Chat come to mind.. depends I guess on the format people are happiest with. I wouldn’t change anything for the sake of it, even less so if people decided not to migrate (if it even gets to that point).
*Thread Reply:* What about Atlassian’s Stride? Is that a serious contender yet?
*Thread Reply:* I am liking Slack. I’m in it daily anyway for 3 other communities (including our own corp), and like that it is close at hand?
*Thread Reply:* That’s why I dig it the most, @aaron. I can Apple-Key+1/2/3 and immediately come over from other teams. I don’t want another app 😆
*Thread Reply:* I'm a fan of Slack, and I think the history is still here, just no longer searchable further back than I think 10k posts.
*Thread Reply:* Cool, as long as folks are happy
Does anyone know of any solution that can centrally configure a users email signature on iOS and/or android?
*Thread Reply:* Exclaimer I think can do it: https://blog.exclaimer.com/optimizing-email-signatures-for-mobile-devices/
*Thread Reply:* Wow - That is slick. I still can’t believe Apple hasn’t baked-in something to handle this in the Exchange config side
*Thread Reply:* I can't imagine it would be too hard to add an API in that you can populate with the wild cards. But in fairness support of advanced corporate functions in their mail clients across ios and macos is desperately lacking! (Reading encrypted mails and mfa comes to mind!)
Anyone have any experience with Mobi (mobiwm.com)?
Looking at centralising our device lifecycle management processes (TEM, device procurement, renewals, Emm integration, analytics etc) and they seem to have a fully featured product.
We used to use them years ago @Simon Hardy-Bistagne (when I was at Kindred). They were great, but we had to eventually wean ourselves off b/c of the expense
We use Mobi here heavily, although I’m not involved with them directly. From what I see, good things
I’m a fan of MOBI as a partner @Simon Hardy-Bistagne
Class act and knowledgeable
I imagine they do a good job with those other guys too
A warm welcome to @alan bavosa from AppDome! He and his team will be manning the #v_appdome channel for anyone who has interest in Fusing services into in-house apps, with no code or coding required. https://www.appdome.com
*Thread Reply:* Thanks for the warm welcome @Woody. To all here, here's a great video showing the Fusion of Okta SSO with OpenID to the Jive Daily iOS app. https://www.youtube.com/watch?v=mGH-ZoXwq6o
*Thread Reply:* Great to have you, @Jan Sysmans! If anyone has questions about AppDome product offerings, they have graciously supplied several resources (@alan bavosa/@Tom Tovar/@Jan Sysmans) to man the #v_appdome channel 👍
Hi Everyone, quick droid question, if the user removes the mobile@work app it blocks access to secure apps. However installed certificates and wireless configs appear to stay on the device. Is there a way to remove these if someone deletes mobile@work? Thanks Al
You would need to configure a compliance action and incorporate it into the security policy for Android devices. For example a Quarantine compliance action applied to the required app rule in the security policy.
Thanks Mark, i’ve been playing with that but can’t seem to get it working.. How does core know the app has been uninstalled without the app being present on the device to check in?
@Al Platt are we talking a native Device Administrator scenario here? If you go Android Enterprise, the M@W app is what procures the work persona and cannot be removed (without retiring the device from management). On a related note, Device Administrator is scheduled to go away... https://bayton.org/2017/12/google-is-deprecating-device-admin-in-favour-of-android-enterprise/
We’re mainly iOS so these are a handful of BYOD Android devices so no Enterprise. They’re enrolled via the app. The issue we have is the non removal of the wifi setting if the user leaves and removes the app before we retire the device. Also concern over certificates being left on the phone although I don’t think you can get those off the device without rooting.
That sounds like the Android I used to know (prior to Android Enterprise). If they’re that concerned about items being left on the device, they really should consider an AE Work Profile. It’ll be a much more uniform experience across the board, for the user and administrator (in terms of security controls and enforcement of policies).
Yeah, I’m from the Apple world and the whole Device Administrator thing seems backwards. AE looks more like what i’m used to in terms of MDM
Yeah, it was the best they could do at the time. Going forward I would focus on Android Enterprise (Android for Work). Check out @Jason Bayton’s articles. He’s got everything you’ll need to jump start the program in your org.
Sweet thank you, it was something i’d planned on looking at but not given it much more time due to the small number of devices we have. But looks like it’s back on the list.
*Thread Reply:* I like the redesign of your website!
*Thread Reply:* When did you last visit? It's not changed really in over a year 😄
*Thread Reply:* About 2 months ago 🙂 But I see now what's changed: Last time I always looked during working hours so I got the day theme every time, this time I got the night theme. That's why it looked so different. Definitely like the night theme better (can't wait for the dark theme on macOS either!)
*Thread Reply:* ah ok! Glad you like it 🙂 seemed like a good idea given it's such a light theme otherwise.. mostly from writing at night and dealing with the glare myself 😄
Thanks guys, given me some reading material for the weekend 😀
@Al Platt If you have access to the MobileIron documentation, make sure to read the CoreDeviceMgmtAndroid9700.pdf (Device Management Guide for Android..).
For this to work; create an App Control rule (Apps > App Control) with as Type "Required" and Identifier com.mobileiron (which is the ID for Mobile@Work) Second, go to Policies & Configs > Compliance Actions and create a new action and specify what needs to happen when a device is out of compliance. Now edit your security policy and scroll down to Access Control > All Platforms, select the checkbox at "when a device violates following App Control rules:" and in the list for Required app control rules make sure the App Control rule you created is set to Enabled.
Obviously, best to test it first with a limited amount of users (for example, with the security policy applied to a manual label with select users). If you configure it incorrectly, all devices might become non-compliant, configurations removed, etc.
Chapter 8 of the Guide mentioned has more info on Managing Compliancy . For App Control rules you would need to have the Apps@Work documentation (page 15). Security policies are explained in the more generic Getting Started with MobileIron Core guide. All can be found here: https://community.mobileiron.com/community/micore/product-documentation/core with valid credentials.
Use the "Identifier Equals" rule type btw, not something like "Name equals" to circumvent false positives.
@Mark Vonk Thanks, this is what I have set up but it doesn’t seem to remove the WiFi config from the device (I have "remove all configurations" ticked in the compliance action). Will keep testing while I try and find out who’s already registered our domain to set up Android Enterprise. Thanks for the info.
Welcome @Jan Sysmans! He’s with w/ #v_appdome as well!
@Adrien Blaise has joined the channel
New offering from EBF: OnBoarder. I’m curious, are sales reps from EMMs actively bundling/licensing this as a means to ease customers over to a new platform? It almost makes sense to save R&D dollars as an EMM and just recommend their tools. https://ebf.de/en/products/ebf-onboarder/
*Thread Reply:* Thanks for sharing this, I was not aware of EBF before.
*Thread Reply:* Welcome! Those guys are rock stars. I think @Fabian would agree 🙂
*Thread Reply:* From the looks of it, it does look amazing.
*Thread Reply:* It’s as good as it gets, in terms of where we are with device management (and not being able to script additions/removals with embedded agents/services)
*Thread Reply:* It looks like they will be adding migration to MaaS360 to their offering.
*Thread Reply:* Has anyone real field experience with the tool? And what’s the cost? I’ve 15K devices distributed over 75 countries, mix of Android and iOS.
*Thread Reply:* Just a guess. You’re affiliated with the EBF peoples?
*Thread Reply:* See: https://ebf.de/en/blog/launch-of-ebf-onboarder-for-mobileiron-at-mobileiron-live-2018-was-a-resounding-success/ ;-)
I know they've been used for some pretty massive migrations (100k users from Airwatch to intune) and I've had a brief look at them. Was pointed at them by Microsoft.
Marco and his team have built a great product to simplify both small and large migrations. I agree with Eric, this is something that should be bundled as part of your PS migrations! Life made simple.
If anyone is at InfoSec London this week, please do pop by and say hello - we’re stand-sharing with Aruba.
Hi all, I’d love to hear more about the EMM/MAM/MDM migration use cases.
check out this video to see how you can implement any EMM SDK end-to-end in under 5 minutes. This example shows Microsoft Intune. https://www.clearslide.com/view/mail?iID=5772DCfXZMkvb99L2DLz
And I recorded that video myself, while doing the implementation. So feel free to ask me any question about the implementation.
@Julien Mennegand has joined the channel
@Gregory Bajon has joined the channel
Hi, quick (hopefully) question. I’ve now setup AE and have the managed play store. Adding apps is great but about the mobileiron apps…. EMail+ and Docs@Work i can see on Play, do i just provision those to users instead of the in house ones from Core? Also Web@work… tried adding this to play but says the apk is too big… Assume im missing something here?
*Thread Reply:* There's no Play w@w, you'll need to use Chrome & Tunnel or public proxy for now.
The others need to be configured via managed app configs within the app on Core once imported from Play because indeed you don't use the in-house ones any longer!
*Thread Reply:* Web@Work indeed, not available. But Docs@Work and Email+ are.
You should use the Play Store app, not upload the AppConnect versions to your managed play store. Check, for D@W for example, the following guide: https://community.mobileiron.com/docs/DOC-6363
Great, thats what i assumed but wanted to confirm, that was the case.. web did have me puzzled though… thanks as always guys!
@Xavier PIERROT has joined the channel
Anyone know of any good way you can manage AD on mac?
*Thread Reply:* I usually go to the MacAdmins slack for this kind of question, they have channels for everything including #activedirectory
*Thread Reply:* Sign up here: https://macadmins.herokuapp.com/
*Thread Reply:* I spend most of my time there that's why I'm not here so much 🙂 I wish it would be possible to combine channels from different slacks in the same view so I don't have to switch all the time.
*Thread Reply:* For a while it was possible through the IRC bridge but they just killed that
*Thread Reply:* I was recently advised of NoMad https://nomad.menu
*Thread Reply:* Check out Apache Directory Studio.
*Thread Reply:* http://directory.apache.org/studio/
*Thread Reply:* @Jay: I think Simon means a replacement for Windows' Directory Users & Groups panel (Microsoft Management Console plugin). By the way I'm deploying NoMAD in a pilot currently but not that happy about it.. We're binding to AD and while it adds some nice features it tends to confuse the users as well.
*Thread Reply:* @jafullersr Thanks for the tip! I didn't realise that existed. Will try it out
*Thread Reply:* No way to manage AD natively on the Mac, a VM is the way to go for that. Powershell for Mac doesn’t even have AD modules available. I can vouch for NomAD though as well as Enterprise Connect. Binding macOS brings very little benefit apart from kerberos and certs for 802.1 which both of those apps get around.
Any news about the Gartner UEM MQ? Usually EMM MQ was released end of May or early June...
The mobility Gartner folks are massively behind schedule with a lot of their reports at the moment.
The managed mobility service providers was around 3 months late I think.
Has anyone migrated over from on prem to cloud? Is there much pain involved (ie MDM certs or needing to re-enrol) or is there a migration path?
There are tools to migrate, even if it's not perfect, they do the job (remove the old profile automatically and provision the user on the fly)
@Al Platt How many devices you want to migrate?
About half and half, i really don’t want to be re enrolling devices though. I just wondered if there was built in functionality in cloud console to easily migrate but it sounds like a no.. I’ve done similar with Jamf Mac rollouts but on the whole that’s a ton easier as you can script stuff. Sounds like there’s no native functionality for this then?
Nope, the MDM cert will be replaced, so all management profiles and settings need to be replaced. Tools can help with the migration of the policies, restrictions, labels, etc., but no simple way to transfer from one management tool to the other.
Please contact your MI Sales representative, they are working on a solution to migrate
@NicolasR Any progress since this was promised a few years ago?
It seems that the product team has an available demo...
Interesting. Sounds like some progress has been made, which seems positive!
I know that MI Client will be able to communicate with both CORE/CLOUD
Curious - Has anyone worked with or demo’d Sophos?
Intercept X is kind of what I’m curious about @macbentosh
Curious how much they’re able to do, with/without a client installed, etc
Hi, EMail+ for AE and S/MIME certificates, from what I understand the user certificate enrolment doesn’t work? So I’ve emailed myself the certificate and installed it manually to the keystore. It works for signing but it seems our DigiCert CA is untrusted. Is there an easy way to add the CA as trusted in EMail+ (used to be easy with AppConnect)? Thanks
*Thread Reply:* stand by, asking someone with more experience on this, Core?
*Thread Reply:* Thanks @Alex Mercer Yes it’s on prem Core
*Thread Reply:* I think you need to use $Cert_Alias:SCEPNAME$ (likely Core)
*Thread Reply:* OR emailcertificateX where X is 1 through 10 (likely cloud)
*Thread Reply:* not sure if thats both core and cloud - Email+ for iOS Guide is where I see that
*Thread Reply:* I have $Cert_Alias:CertName$ but this is a user certificate not SCEP. From what I’m reading, User certs aren’t supported in the Play version of EMail+… We can ask users to install manually but the issue is it doesn’t recognise the CA as being valid.. This is for Digicert issued SMIME.
*Thread Reply:* Sent you screengrabs on Direct Message.
*Thread Reply:* ill be away for the week…. @egantner maybe you can chime in here?
*Thread Reply:* The email certificate kvp should do, at least in regards of adding your CA to the email+ trust store.
*Thread Reply:* Sorry to have to pick this up again (sidetracked on another project) The kvp already pushes the cert to the device, that works fine. Its the fact that the cert is classed as invalid and any others that are received are untrusted. Seems like email+ isn’t looking at the trusted CAs or something.
*Thread Reply:* Did you push CA certs to email+ ? Email+ does not use the default device trust/ca keystore I believe.
Does anyone have any end user test scripts they'd be willing to share?
eg, send email, delete from outlook, see if it replicates, delete from handset, see if it replicates, add calendar event etc.
@Maxime Chardome has joined the channel
Just realized we don’t have a channel for JAMF. Would it be beneficial to anyone?
Speaking of JAMF, anyone know what’s required to link Pro up to an AD/LDAP environment?
*Thread Reply:* I think it would be handy. Surely there must be a few people on here who use JAMF?
*Thread Reply:* @Woody are either of these services hosted?
*Thread Reply:* Excellent. We’ll get a channel created. @jafullersr the JAMF instance is hosted. AD/LDAP is still on-prem for the time being.
*Thread Reply:* Have you checked JAMFNation? I did a cursory search there and didn’t turn up anything specific to this sort of setup.
*Thread Reply:* @macbentosh Was just curious about how to establish a connection to an on-premise LDAP env from a JAMF Pro cloud instance
*Thread Reply:* So, that appears to be the Infrastructure Manager?
*Thread Reply:* does a lot of their work. It is also their healthcare listener
*Thread Reply:* That’s cool man. Appreciate it @macbentosh
Has anyone seen a message asking for credential storage password? User hasn’t set anything and this is a fresh wipe and reprovision. Using Android Enterprise on an LG-H870DS running 8.0
Are there PIN Settings on the device configured? I believe that’s what the prompt is tied to
BTW, #jamf was just launched 🚀
@Matthew Shaver user has a 6 digit pin as do all our other devices, its only this one thats causing issues.
and user says initially everything works after enrolling then it starts asking for the password… its weird
I think, and I could be wrong, there is a system setting that can disable this, it’s usually tied to something else being configured like VPN or Wifi. I’ll see if I can dig up the old article I’m referencing
I can’t find the actual article, but this is the forum post I used when this came up a few months back: https://forums.androidcentral.com/google-nexus-7-tablet-2012/301151-credential-storage.html
Thanks, the user is actually one of our helpdesk guys so i’ll ask him to pick through that post.
*Thread Reply:* I associate IBM with Domino which lost a lot of customers to Exchange over the years but nice to see them back in the game. What’s the deal with BigFix?
*Thread Reply:* BigFix is Client Management Tool to manage Legacy PC
*Thread Reply:* which is missing to MobileIron UEM
*Thread Reply:* Well MaaS360 has also been a leader for 6+ years now
I've worked with Gartner on their mq's for a number of years... Take them with a large grain of salt! (But I think we all know that!).
Would be good to read what Gartner have bundled into their uem definition for each of the platforms on the list...
Microsoft I'm sure isn't just intune... Probably ems... But do they include aad etc...
Definitely will try and get my hands on the full report.
Thanks!
Interesting read... Spelling mistakes throughout (starting in the first bullet point).
Does mention sccm in the ms section etc. Can't say as I agree with all of the content but good to see it.
From what I understand of this: No one has real large scale UEM on the same platform. Some have large scale deployments for PCs, others have large scale of mobile or some of them have both but not at the same time.
Confirms that it’s really difficult to have as of 2018 a real UEM deployment.
What seems to work is the conditional access, either MSFT/VMW/MOBL
I think the real UEM deployments will be analysed for 2019 MQ
Hey everyone! #conferences has been created. For all general things pertaining to past, current or upcoming industry conferences.
Good call with a few coming up and for planning. 👍
Curious, has anyone heard of https://www.fleetsmith.com?
As you I guess, just recently with @Jack Madden article :-)
BTW, I’ll give a plug here that if anyone has used Fleetsmith, and is interested in writing about your experiences for our freelance program, let me know! (main rule is that we can’t pay people that work at vendors to be contributors).
And in general, if you’re interested, let me know. I have a long list of topic ideas that I need help digging in to!
After my holiday (in September) shoot me a DM I’m interested
@Alex Chappuis has joined the channel
@Martijn has joined the channel
Hi all, Jayson thanks for inviting me to this channel!
@Dan Cuddeford (Wandera) has joined the channel
👍 excellent to see some familiar new members 😉
@here would anyone benefit from an #AppConfig channel?
I could use one, starting with a discussion on AppConfigs for Concur
For sure!!! We get requests for public apps to be deployed all the time, and a lot of the time the app developer doesn't even know what appconfig keys have been built in
I'm looking at you box..... 😡
Btw.. share those concur appconfig settings please.... 😉
@Woody I would be interested. Unfortunately we are in the same boat as @Simon Hardy-Bistagne. Microsoft says that they are Appconfig compatible so I would like to have a discussion around that as well.
Just a reminder about the new #appconfig channel. If you’ve got a couple gems that don’t happen to be found publicly, feel free to come over and share :)
@Rodrigo Borges has joined the channel
So I’m at a partner-led EM+S training event today and tomorrow. All going pretty good until the guy started talking about Android Enterprise and how much easier it is to manage legacy Android devices. Good lord.
Lol... Yeah we had a 3 day workshop with Ms a few weeks back... Their Android side of things wasn't overly on point
It wasn't bad... But it lacked the "real life" feel to it
I’m going to speak to the trainer at the end and offer to cover off AE & Intune for the class tomorrow if desired.
“That’s not how this works. That’s not how any of this works”
I’m with colleagues here, we peered at each other across the room
I think the best one was when he said Android Enterprise (note the generalisation) creates multiple versions of apps and it can’t be managed like iOS where you can use work and personal apps together, it’s much more confusing
I’m pretty sure he nullified iOS managed apps at the same time mind.
One day, he said, pointing to work-managed on the slide, we will be able to manage Android devices as business only with no ability to install any other applications, like iOS.
At least you stayed calm and didn't hulk out!
Pulse raced a little. “Shall I interrupt the guy? Shall I see where this goes?” I’d want to eject some know-it-all who made me look like a dickhead in front of a room full of people 😄
I can respect not breaking out the old "do you know who I am"....
Though I would surreptitiously ask him to Google Android Enterprise and look surprised, like when bayton.org pops up
Although I'm sure I'm the world's worst attendee at these types of things....
Noted, I’ll be sure not to invite you to anything I run 😜
Good idea!! Although I'm normally good if there is the promise of a beer at the end of it ;)
“I would like to see the box of cereal you eat each morning that encourages you to spread these lies to a room full of people, good sir”
The “good sir” makes it polite
@Jason Bayton how you managed to keep quiet yesterday I do not know! Rest assured I will be doing my best at the next Windows Management User Group in London to present Android Enterprise effectively (And crucially how far behind Microsoft is with Intune) There will be at least 6 Enterprise Mobility MVP's in attendance so hopefully the message will get across. I would be interested to know the partner who was presenting EM+S to you (although probably not fair to name and "shame" publicly) maybe you can DM me?
He put my website up on screen this morning after I brought it up 😆
Just checking... Was he using your own site to argue with you... Or to praise you ;)
You’re a bigger man than me @Jason Bayton
Anyone used IBM Cloud Identity alongside MaaS360?
@Mohamed Zakaria has joined the channel
Curious - In terms of managing ChromeOS, are there any players emerging?
*Thread Reply:* Okay, I stand corrected. Did not realize Workspace ONE UEM (AirWatch) was equipped at this point
*Thread Reply:* https://www.youtube.com/watch?v=_TsCn9mKNf8
*Thread Reply:* It’s all a double billing process right now, really about convenience more than features. We’ve had a bunch of people POC it, and most of them change their mind after about a week 🤣
*Thread Reply:* @Matthew Shaver Thanks for the feedback. Yeah, what’s there appears to be pretty rudimentary
@here anyone dealt with Virtru DLP for G Suite, O365, etc?
Never seen that but it seems interesting!
Hi new folks! Check out these popular channels to get stuck into conversation, and don’t forget to have a look around for others, or make your own! 😎
#airwatch #mobileiron #maas360 #microsoft #androidenterprise #iosgeneral
Welcome @Tinus @TedStryker @Jamsy @Carlos Martin and @Mirko Bülles!
Hey Eric. There you are again 🤣
Somehow we always seem to find back again.
@Simon Hardy-Bistagne I really wish I could say I’m shocked. Dude probably keeps a spare key to his mansion under his door mat.
@Woody I think you should test that theory.
General question out there on how you handle MFA/2FA during mobile device enrollments.
Do you enforce a second factor of auth after username and password for enrollment?
If yes, how do you get round the chicken and egg scenario of not being able to receive the 2nd factor until after you're enrolled?
@Simon Hardy-Bistagne I recommend 2FA to safeguard the enrollment process (because for most, once enrolled the flood gates open and everything is accessible). Okta allows for enrollment into MFA during the initial auth request. Once complete, the EMM auth will then utilize the MFA that was established.
*Thread Reply:* No, not with DEP. If it eventually supports SAML I definitely would.
*Thread Reply:* DEP is where we would like MFA as well. But in a round about way, it is multi-factor. The device is enrolled to DEP, which is managed by your company administrators. This also is a certificate/token that is brokered between your EMM and DEP. Then having the user enter a username/password to enroll is a second factor. Something you have (device) and something you know (password). Not quite… I know.
*Thread Reply:* Agreed.
It's the whole chicken and egg scenario.
How can I send them the 2nd factor push message if they're not enrolled yet.
Sadly it revolves round a poor MFA Implementation on our end.
*Thread Reply:* The fact that the device is going to end up in management is kind of a nice second hard factor
Who knows anything about BitSight scores...?
Anyone have a real deployment of UEM like the UEM vendors slides/Gartner MQ describes it? What about Windows 10 co-management with SCCM + AW or MI? What about macOS in that environment ? What about scalability? What about legacy management (Windows 7) I have a lot of questions that seam to be with no answer or maybe no satisfying answer...
Even when talking about InTune standalone I don’t see real PC deployments at a large scale like we have with SCCM, at least for use cases like the ones that require SCCM. Yes Win10 management with intune exists but mainly for Lightweight management of surface/laptops
Lots of promises that don’t seem to be usable in real life
Stare into my crystal ball my friend!!!
If you're an SME, I think the transition to a UEM is going to be lightweight and quick.
If... You're a 182 year old company like ours with 180k employees... You tend to have a couple legacy apps kicking around that make that transition just a little bit more difficult!!
We've made a start with modern devices and putting them into UEM (so that's iOS, Android, Macos, and byo windows).
The issue is always going to be around 2 areas when making the full migration...
1) legacy apps and the need to ensure able to replace sccm with a UEM, and moving away from patch management towards apps which are evergreen
2) internal politics and the crap that security teams try and pull because they live in the past.
But to answer your question... No sizable company has gone full UEM unless they're a breakaway from their parent and going for a new new management environment
👍 thanks for this feedback! Very useful and interesting. Do you think one day this will be ever possible to clean up that legacy and start a real UEM Or the day which this legacy will be not an issue anymore, the technology will change again and we start over a new phase of roll-out? (Like windows based on Linux kernel or macOS for everyone, or Chromebooks... hum LOL...)
My point of view is that unifying two worlds that are so different is too challenging for companies and keeping at least two type of softwares will be necessary for most large enterprise use cases.
My crystal ball says that Jamf and SOTI will somehow drop in that race. Jamf: too much Apple oriented and macOS is more and more addressed by standard EMM/UEM vendors. SOTI: AE is very standard and the value proposition of SOTI is dropping
If I were a betting man...
I'd say JAMF will be themselves bought by Microsoft (or Apple if they ever decided to enter into the Enterprise space with both feet, which is not overly likely today).
I honestly think that UEM is a real opportunity, but it needs the buy in from the business that all those apps you use, and process you have put in place can be up lifted into this new methodology.
I think that in the mobile world, the management model has been created, and it's the desktop world that had to catch up.
macOS is closest, but until the major app makers get onboard to make deployment better it's still going to require effort around app packaging and deployment. (I'd love to see the Mac app store populated with all my Enterprise apps and configurable like iOS apps are).
Windows is coming, but they’re taking baby steps to setup intune as the UEM of choice.
First comes autopilot, and azure ad, which allows for the hybrid management, then it’s a case of moving over those apps into a modern deployment as and when they come up for renewal.
It’s a long process, but I actually do see a world where we can move to a single UEM platform.
Oh.... I am though taking account of that 80/20 rule... there will always be industrial IoT platforms which are out of support, or so business critical they sit in their own vlan away from the rest of the business that means some kind of legacy management needs to stay. But for the majority of “business” users, I see no reason why UEM should be a reality.
Agree for the Jamf part (acquisition by Microsoft, I don’t think Apple)
macOS management with UEM is close because we are starting a new blank page for most of the users, no or few legacy + comes from executives.
Windows for me will stay managed by Microsoft tools and there will be MANY vendors that claim to secure windows or provide virtual apps or provide CASB...
Agree also for the 80/20 rule and the specific business needs.
Thanks for providing me this feedback. Very interesting.
If someone wants to add some thoughts to this philosophical discussion 😉 don’t hesitate! 👌
I feel an op ed on Bayton.org coming!! Lol @Jason Bayton
I love this discussion so far.
Device management follows a familiar pattern, I think: niche -> mainstream -> utility. By “Utility” I mean “it doesn’t matter who I buy it from” aka “someone gives it away free” (customer perspective) and “you can’t make money selling it” (vendor perspective). MDM for mobile is basically a utility today. The APIs are all there, it doesn’t really matter who you buy it from, and some vendors are practically giving it away for free.
It’s standardization. And it's generally a good thing — unless you are in the business of selling a niche product and you don’t evolve with the times.
iOS management used to be a niche but is utility today. Everyone offers the same set of features. Mac management used to be a niche but is now mainstream (more or less) and will soon become a utility.
JAMF’s future? Get acquired by a larger company and become a “feature” (e.g. AirWatch in VMware’s world) or go it alone and good luck to you (e.g. MobileIron).
I think they are smart and will soon be acquired.
Gents, this is a great thread around the philosophical nature of where things are going. And I agree, mainstream large-scale deployments of Win10 and Mac OS with UEM are still a way out there. I see the problem is that there is too little consistency with the controls that cause the customer to question if it is even worth moving off SCCM for Win10. Too many caveats for this and a caveat for that and not every customer is fully standardized on specific builds, version, etc.
And we work a ton in the SMB and MME and see a whole lot of inconsistency. Could only imagine the internal politics and burden on support of having to deploy 180k laptops. Not quite sure the juice is worth the squeeze yet. I agree with Aaron that it is yet to hit mainstream, unlike some of the more modern endpoints out there.
Posting this here as there is no G-Suite channel. Any way to send AppConfig to G-Suite apps on iOS?
File it as a feature request for them, please and thank you.
The Google Account payload is as close as you get, but most customers want to use G-apps, not the native apps.
Sweet! Even better...I expect to see the feature added in the next rev!
This customer wants native but g drive and other apps are not provisioned
...not that it would take them a lot of time to implement, but what do I know...
Would love the opportunity to meet some of our EMEA folks!
I'll be there (I live there anyway so it's easy). Don't have time to go to the full thing but I'll attend for sure
Thanks Tycho for the invitation. Thanks @Woody
@Daniël Kraaijeveld has joined the channel
General question for some of you who use a separate IdP: why use an IdP next to Azure AD and ADFS? I see some of you use Ping or Okta also. What is the added value in using these, with or without Azure AD? What do these bring to the table with regard to Mobile? Single sign-on? Does it work well with your UEM? Anything it adds in that space?
*Thread Reply:* Politics and ownership are the reasons why you might have a 3rd party idp vs one that might play better with a mobility platform.
Those who run the IAM team are potentially disconnected to those who run the infrastructure such as sccm, or mobility.
They will have drivers around federation into other platforms and potential custom integration into internal tools or platforms which may be easier and cheaper outside of the Microsoft ecosystem. Ping for example has api integration capabilities that can carry out conditional access based on say the airwatch compliance status.
Policy control might be another area that some idp may be stronger in.
If the mobility team ran the world, the choice we might make may be different. If you’re a WorkspaceOne house, you might opt to go down that route for all your idp. Same said for MobileIron as existing contracts and agreements might make simply enabling that function simpler than getting in a new provider.
The same issue actually is what prevents UEM from exploring. Mobile teams govern mobile, and desktop teams govern desktop. And for the mobile teams to try to introduce something like WorkspaceOne as a replacement to sccm is a hard sell.
This though is where Microsoft have a massive leg up. They already talk to all areas of the business, from mobile to desktop to infrastructure. They are already seeding intune as the UEM of choice, and if they can play your internal company politics better than you can, then you’ll soon find it being pushed in that direction.
*Thread Reply:* Hi Simon, thanks for your info and honesty 🙂 From a mobile perspective, can you integrate Ping enough to get it working? Any cases where Ping adds value in addition to UEM?
*Thread Reply:* So MaaS360 has a similar approach from the UEM perspective and bundles IBM Cloud Identity as its IDP. This means customers get full SSO for Mobile apps and Browser for 100's of predefined SaaS services and there is no need for complex integration with the UEM platform. As an IDP it works well with ADFS and other platforms so no need to dislodge other solutions... but
*Thread Reply:* I'd agree with Simons point that "This though is where Microsoft have a massive leg up. They already talk to all areas of the business, from mobile to desktop to infrastructure. They are already seeding intune as the UEM of choice, and if they can play your internal company politics better than you can, then you’ll soon find it being pushed in that direction." - I experienced this all too well in my IBM days
*Thread Reply:* It's like fighting the tide in many cases - you struggle to gain a foothold and when you do, it's eroded over time.
*Thread Reply:* I would also argue that the case was different a few years ago, but MSFT have been working hard to create feature-parity for the common use cases, reducing the clear water between offerings. I would also posit that a significant number of enterprise-class organisations wish to keep their AD on-premise, and use an IdP for cloud access management and as an alternative to AD forest creation and dissolution.
*Thread Reply:* Unfortunately, some of the more advanced use cases do often require upgraded MSFT licences, so the old bait-and-switch approach is still alive and well… 🙄
*Thread Reply:* On VMware side, using VIDM as a second IDP is interesting for two main reasons: 1) using VIDM in addition to ADFS or Okta will add conditional access. In that case only enrolled and compliant devices will be able to access your enterprise apps. 2) VIDM is designed for native SSO mobile apps (which is the only solution to do that)
Hence, having multiple IDP is for having the best-of-breed of each solution
*Thread Reply:* **reminding myself to respond to this when I get back to my keys 😁
*Thread Reply:* I can attest to that @Maxime Crouzet as I believe we were the first in France to put mobileSSO in place for our iOS & Android mass deployment! Works a treat @Woody I’m sure you remember all our discussions on this 😉
*Thread Reply:* Thanks for the replies guys. @Maxime Crouzet how does that work from a user perspective? For example on iOS? What does the user get on a functional level?
*Thread Reply:* Exactly, A unified catalog and an authentication with no password !
*Thread Reply:* Why use an IdP next to Azure AD and ADFS? I see some of you use Ping or Okta also. What is the added value in using these, with or without Azure AD?
Key value add is having an IdP that’s more than an IdP. ROI through being agnostic and, having a massive catalogue of pre-integrated apps, MFA/AMFA, Lifecycle Management, Access Management, etc. As we all know, once you go with a solution that’s the center of your world… it’s tough to up and change.
What do these bring to the table with regard to Mobile? Single sign-on? Does it work well with your UEM? Anything it adds in that space?
Building on what I mentioned above, IdPs that are properly integrating should have solutions with EMMs of the world. Case in point, Okta with VMWare Workspace ONE and MobileIron Access. Seamless hand-off, allowing Workspace ONE and Access to do what they do best (device enrollment/posture check/Mobile SSO), then closing the loop and sending signals back to Okta to allow or deny access based on their findings.
*Thread Reply:* Sorry, it’s early and I’m jacked-up on coffee. LMK if there are any areas you’d like me to elaborate on 🙂
*Thread Reply:* BTW, I’m with Okta, so I’ll update my avatar to reflect that 🙂
*Thread Reply:* Actually it does not really show (write it under “what i do”). But I was aware that you are okta
*Thread Reply:* With okta... small difference ;)
Welcome newcomers! @ninex @Maxime Crouzet @Mitch Berk @RT @Shiv @JF Rigot @Daniel Pendlebury and @Rui! 👋
@Nathan Fierley has joined the channel
@Ashish Sharma has joined the channel
Howdy folks! 👋 I see some familiar names joining us 😎
Check out the available channels to suit your interests, feel free to introduce yourselves and update your profiles so we know who you are and what you do!
There are custom emojis: :vmware: :appaloosalogo: :androidicon: :blackberry: (etc) which can also be used as status icons should you want to align with a vendor, but if you'd prefer to stay stealth that's ok too 👍
See you around!
@Willem Verstegen has joined the channel
@Jeroen J.V Lebon (Open for new opportunities) has joined the channel
@Emmanuel Beucher has joined the channel
@Manfred Bremmer has joined the channel
@David Arvidsson has joined the channel
Wow so many people! Hello friends! Be sure to check out the list of channels. That’s where the real chatter happens.
Nice overview of device security, Android and iOS: https://drive.google.com/file/d/1nenbopuBh64yrxa51xI81OMjWlm6DwbI/view
Hello everyone. This is Jethro. I'm from Malaysia.
Hi guys, I’m Florian, product manager of WizyEMM
@James Pickwick has joined the channel
It's only as good as the contributions! We're lucky to have so many good knowledgeable members.
Wow! What a mass influx of peoples. Happy to have you all. Welcome!
Hi all, Now Denmark is also represented 😁
@Farhan Saifudin has joined the channel
@Zlatan Pervanic has joined the channel
Hi all. It's Tom here from New York City. I've worked with both VMware Workspace ONE UEM and Blackberry UEM. Looking forward to learning from everyone.
@Jason Bayton I’m thinking we should get a world map of members up now! Fantastic to see so many new faces 👍
I think that’d be cool! Or at least one of those “members in X countries” brags up on the website when it’s ready
I like it... Need to see how you can get the data out of slack
*Thread Reply:* I’m sure it’s there, if we upgrade to a paid plan 😆
Hello All, I'm Yassar from India.
/poll “In what country do you live?” “Africa” “Austrailia” “Asia” “Europe” “North America” “South America”
(pedant mode enabled) Ahem, continent rather than country? 🙂
Not here... but... we have users asking for support (mainly BYO).
I’d like to, looks interesting to support, but not today
Curious as to if it could manifest into a more “modern” desktop platform. Leveraging SaaS for the majority of its core services, etc. Obviously it’s already lending from Android, Zero Touch, etc.
For me... it's the hybrid between the iPad and the laptop... i think there's a place for it, but can't see massive growth.
Hello everyone. This is Dominic from the US. I have experience Good/BB, Airwatch, MobileIron, and more currently Citrix XenMobile(now Endpoint Management). Look forward to some great discussion!
Hello @DGambinoII! It’s a pleasure to have you. Lots of experience you bring to the table!
@Mathieu Maillet has joined the channel
Do you have to integrate your mobility environment with #O365 without the help of #Intune? Which challenges are you facing? Which issues make you cry? Or: Is everything just working as expected?
@Peter Meuser So you’re asking if O365 can be rolled-out/secured without using InTune? Yes, it sure can be. Microsoft is making it easier by the day.
If you’d like to head over to #microsoft there may be more folks who can chime-in without blowing-up the Lobby, hehe
Woody, I see an O365 integration as one of the base challenges for every mobility environment. VMware, MobileIron & Co. do their best to keep up with the proprietary AAD world (e.g. conditional access).
Yeah, intune isn't a prerequisite for o365. You can skip conditional access entirely and set up PowerShell for mobile email access.
I am interested to hear how the perception of this challenge is so far.
(independent from what the vendors try to sell you)
It also depends what you want to protect. You can just leave all access as is and you'll have full mobile access.
If you want to secure the office apps though and lock access down to Yammer teams OneDrive etc to secure apps then you will need some of the intune capabilities
What do you think about Per-App VPN for AAD authentication to identify access from managed devices?
For max flexibility you want to exactly define, which clouds apps are available from compliant devices only and which can also be consumed on (private) unmanaged devices.
I'd prefer sso through user certificate authentication myself as it's less Infrastructure intensive.
How do you transport the CBA status to Azure AD?
So far only MFA before AAD can be handed over as claim.
Yes I know, you can use CBA for ActiveSync (Exchange Online) on iOS and Android, if you have ADFS by hand - I love this approach. Unfortunately, this does not cover all the other cloud apps.
What I’m seeing customers do is begin to force-out EAS in favor of modern auth clients.
You can deploy the OAuth flavor of Exchange profile for iOS 12+ devices, so they’re walling-off EAS auth requests and restricting access to only managed modern clients (iOS Mail, Exchange, etc)
*Thread Reply:* We're doing the same.
It's just waiting for the Emm platforms to support the deployment which most do now.
It also puts less stress on the network Infrastructure.
If they're using aad for authentication then they should be able to use certificate-based auth without issue.
Yes you can use iOS Native Mail with OAuth/ActiveSync (MobileIron, are you listening?), but this does not solve your CA challenges.
*Thread Reply:* @Peter Meuser what CA challenges? Going thread to avoid blowing-up the lobby
*Thread Reply:* Has MobileIron not yet added the ability to push the OAuth Exchange profile for iOS 12?
*Thread Reply:* We do that through a custom profile for iOS 12+ and MI Core
*Thread Reply:* MI Cloud does it by the way
*Thread Reply:* That sounds accurate for MI. I’m sure they’ll push it in a minor Core update
*Thread Reply:* Citrix SecureMail supports OAuth, and provides you with mVPN capabilities and over 60+ MAM policies. https://docs.citrix.com/en-us/citrix-secure-mail/modern-authentication-office-365.html
If you’re using Okta as your IdP, you can use IdP Discovery with Workspace ONE or MobileIron Access to engage password-less SSO
Ditto, we use ping which takes care of it all
@Woody let's say you have AAD federated with vIDM or OKTA. This might solve some of your mobile challenges (some!), but then you will lose support for Hybrid AAD Join for Windows.
@Simon Can Ping distinguish between the different cloud apps of O365? I don‘t think so.
It most likely just allows Admins to publish the different sub-apps of O365 for access by users (Excel, SharePoint, OneDrive, etc). I suppose licensing could also come into play there
It doesn't need to. If you integrate it correctly with aad, conditional access will be able to.
So you can use ping for authentication, then conditional access for further rulesets.
(Why I am stressing this topic in the lobby? These kind of topics I have to deal with most of my work time - I am happy to have some constructive discussions on the search for proper solutions)
Beat me to it @Simon Hardy-Bistagne! A 3rd Party is just going to handle the Auth of things
@Simon Hardy-Bistagne Without Intune, you just have two conditions of AAD CA at hand: trusted locations and MFA. That‘s it.
You need the azure ad premium licence to get conditional access yes
@Peter Meuser let me ask - What is the desired outcome?
regardless of specific products - What would they like to see you produce?
@Woody The challenge I am facing is always like this: We want to make sure, that only compliant devices are able to access Exchange Online and specific (!) Sharepoint Online Sites, but Yammer should be accessible from any kind of devices. And: We do not want to migrate 20.000+ mobile devices to Intune (at least yet).
Yammer - Any type of device, regardless if it is trusted/untrusted/etc?
Peter we have a similar issue.
Who is your MDM platform, and do you have a 3rd party IDP in place?
This will be almost impossible without conditional access in place as it's the only real solution which can differentiate between the azure apps and create policies based on individual apps.
@Peter Meuser is there any interest in de-coupling from Yammer in favor of something more accommodating?
This is the issue you get into when using only Microsoft
My customers are on MobileIron and WSOne UEM. If you have VMWare, you try your best with vIDM (but fall short).
They work great together… but the second you try to move outside their realm for a service, things magically start becoming less than feasible to hold together
@Woody That means, you would recommend an enterprise to choose another productivity tool, because the EMM does not support it?
What I see is, that as soon as O365 is in place, everything else has to make it happen.
I'd recommend not cheaping out on just the basic office 365. If you want the more advanced features you have to get the more advanced license. That's the Microsoft model.
The issue I see is that if the customer wants the type of conditional access you mention, the vendor should make that easier to accomplish with their IdP or a 3rd Party. By limiting your choices, they’re becoming a player I’d be less to side with
The question is: Is there a chance that MI and VMware will stay in the leader quadrant in the upcoming years? Or will Intune be the one that rules them all (sorry Tolkien)
The issue is this: Short-term, Microsoft’s Mediocrity Mosaic may work… but if they don’t keep improving and delivering… customers are going to be less than thrilled to be stuck on such a “blah” platform
IMHO, it’s better to start with quality components for the core services and expand from there. Even if it costs a little more up front
So far, nothing I’ve seen about what Microsoft offers (besides an attractive EA) is a service I’d gravitate towards
I see some major companies moving away from MI and VMware to Intune after the decision was made for O365.
No doubt there will be some. Numbers speak. I’d like to hear their thoughts after it’s had some time to play out
When you look at the bigger picture--Pre-built integrations, Lifecycle Management, Litany of MFA/AMFA Options, Access Management, HRaaM (stuff we @ Okta specialize in), that’s stuff that AAD just isn’t delivering on
@Woody have you recently spent some time with the Azure Identity platform? I am not a Microsoft fan boy at all, but I have supported a customer trying his best with OKTA and O365 and see him struggling with simple tasks big time.
How do you see the O365 acceptance in your country? Here in Germany most of the big companies are just starting with a pilot, but all of them want to follow the Microsoft path.
So coming back to the start of our conversation: Can enterprise mobility be separated from O365 in the near future?
@Peter Meuser Yes, I’ve spent a fair amount of time in AAD Premium. I’d be happy to chat in a DM if you’re having any issues inside Okta. It’s very straightforward. Perhaps foreign because so many were raised on the MSFT platforms… but it provides many more options as the scope of what you need to deliver widens
Yes is the answer at a simple level, but you're looking for granular capabilities that do require conditional access licencing and a management mechanism which supports your username case.
It's functionality like split policy management you're looking for which is an advanced capability for which you need an idp and the office platform of the right licence level to provide.
@Simon Hardy-Bistagne Simon, it‘s not only about licensing. Combining MI or VMware with AAD Premium does not result in the same feature set as EMS (AAD Premium + Intune).
I agree. If you need conditional access to specific apps inside the Microsoft O365 suite/etc, you’re going to need more of a Microsoft-centered Identity and App approach
No IdP in front of AAD STS is able to distinguish between cloud apps being federated to AAD.
However, if the customer chooses to go with Best of Breed.. (things outside the O365 suite), that’s when your other 3rd Party vendors will come across as a much more attractive option
Correct.
But this is the game Microsoft play, and why you need an idp in the mix.
For us, we have working....
AirWatch for the device management and compliance. Conditional access setting the cloud app policy Ping providing the idp into the whole thing linked into AirWatch checking for device compliance, and carrying out identified checks.
This gives us what you're looking for
So Microsoft gets to engage Conditional Access for things in its realm (once the auth into O365) and then Ping handles Federation for all things outside the Microsoft scope
Exactly. And as ping has an API into AirWatch it can confirm if a device is compliant or not direct from the AirWatch platform.
Solid approach. Does that technically require AAD Premium?
@Woody Let‘s say your customer wants flexible Conditional Access for cloud AND on-premise applications, MFA and VPN-less access to on-premise services. Easy solution would be federating all of your apps with AAD and using Azure MFA and AAD App Proxy. This would also cover O365. This all is covered by AAD Premium. Why should I need Ping?
It is, if you truly trust-in/believe Microsoft will meet your needs for the long haul
@Simon Hardy-Bistagne Again: Ping has no clue about O365 cloud apps - it just sees O365 as ONE big app. This is not enough.
Personally, I believe the approach @Simon Hardy-Bistagne took is more accommodating to the bigger picture
So long as AirWatch manages/configures the apps how O365 expects them to be, it’s the same result as if you were using InTune
I have discussed all the options with VMware R&D - currently they have only Per-App VPN as workarounds to get their foot into AAD CA.
@Woody Not exactly: How do you sell O365 MAM with AW if the customer has to pay for two EMMs - AW AND Intune.
You do not get Intune MAM without a full Intune license.
Obviously there will be unique scenarios where 3rd Party can’t compete (nor does it make sense to try). This is certainly one of those
You don't.
It's just like any other app you deploy with mobile. If you want to use Salesforce, you pay the license. You want to use dropbox, you pay the licence.
If you want to use office on mobile... You pay the licence... You want to use advance features... You pay the licence, you want intune mam... Pay the licence.
If you want basic features for less cost... Then great!
The construction we have (I recommend looking at the link) gives you what you want outside of the Microsoft ecosystem for idp and mobile but you still need to pay Microsoft if you want to use some of their features.
As Woody said, a 3rd party doesn't always make sense, and trying to make them fit will cause you more grief than just going with the native solution.
The message I think we’re trying to convey is that (as shown below), your entire solution can have a 3rd Party IdP/EMM taking care of Access/Device Management as a whole… with a hand-off to Microsoft to handle things that fall within the scope of their app/service suite
Its just a question of what's more important, functional or cost effective for your situation.
@Woody Your illustration shows how to use MFA of PingID with AAD CA, correct?
Admittedly, I’m an Okta guy. I was just using the illustration to portray the hand-off into Microsoft from a higher level
If you look deeper into the details, you will see what will work and what can‘t work.
Guys, it was a nice talk with you, see you in this group!
Right. It does appear (based on their instructions) that PingID could be used as part of AAD CA.
Keep bringing the fun conversations - Obviously there is more than one way to skin a cat 😉
@Woody @Peter Meuser I am a VMware EUC SE, but more specifically an Identity SME. Interested to have more of a conversation around what has been mentioned above. I kinda lost track around what was required.
@Peter-Marc Krombos has joined the channel
@Arjan Vermeulen has joined the channel
Welcome @Pete Lindley, @Jonas Hofer @Peter-Marc Krombos and @Arjan Vermeulen!
Welcome @Kory and @Adam Matthews!
@here I am looking to roll out MI to our company and I was hoping to utilize Apple Business Manager and push out MI to all of our devices, but I just recently found out devices only check in during the first time setup. Anyone have suggestions for rolling out MobileIron to MacOS devices?
*Thread Reply:* Thanks, I should have asked if there was a channel. I have since joined.
When you say ‘push out MI’, do you mean by adding them to Device Enrolment (Program) or DEP, as part of the ABM set-up?
If so, the process is reasonably straightforward, linking the MI instance to the ABM portal and back again. I’d usually recommend making the MDM and DEP profiles default, and adding macOS to that too?
I think your biggest area will be around enrolling existing macOS devices.
DEP only works on new devices... if you have an existing estate you wish to manage then they will all need to enrol manually.
Ahem, in theory they can be backdated to devices purchased after March 2011. However, different suppliers have different rules on this, so YMMV.
ok.. ok... to be exact, DEP only works with newly setup devices... Yes you can backdate the addition to the DEP portal by up to 7 years... but for any existing/in use devices, you still have to go and reset the device and set it up again to be picked up by DEP...!
Backdating their addition to the DEP portal won't magically force MI enrolment.
Jeez...! 😉
Why does this still work exist?? Anyone use it?
Microsoft releases its redesigned Cortana app for iOS https://www.engadget.com/2018/11/14/microsoft-cortana-ios-app-redesign-voice-assistant/
Hello, I’m looking for a mobility specialist that knows how to deal with Android Enterprise, Apple Business Manager, Microsoft Azure AD, Intune, etc. Not looking for a rookie. Must be able visiting our Amsterdam HQ a few days a week. You will be working with around 75 Operating Companies globally. Anyone interested?
*Thread Reply:* Just shared this in the jobhunters channel for you.
@Jason I have DEP and ABM setup with a connection to our MDM. I just wanted to know about existing MacOS devices in our environment. As @Simon Hardy-Bistagne stated, this is going to be my biggest hurdle.
I am going to integrate our MDM with Active Directory and then setup meetings with each Mac user. I am also going to keep track of which devices are enrolled in MDM and which users/devices have not gone to my meetings and gone through my instructions. We have a deadline so I have to move quickly, but I can do clean-up afterward. I will not have the cleanest deployment, but I don’t have the luxury of time.
@Kory You can enrol macOS devices into ABM/DEP too, so worth investigating if you bought these through an approved Apple reseller and or Apple business account. Unfortunately, it is a manual enrolment otherwise, though the iReg enrolment is pretty straightforward?
@Jason Thank you for the information. I have back enrolled a lot of our purchased Macs in ABM/DEP. But I can’t push policy to Macs which are already in use. My hope was to silently enroll devices in MI and then push out the policy at the time of talking to Users. But I realize this isn’t feasible right now. I was under the impression that during boot Apple machines talk to Apple servers for registration information, but that is only on first boot.
Can you tell me more about iReg? Or is that just bulk enrollment?
The only way you’ll be able to enrol existing machines silently is if you already have some kind of management over them. You could create custom deployments etc... but if you already have management you would need to enrol them!
I’m afraid for existing machines they’ll have to manually enrol.
Manual enrolment in MI for iOS devices is usually done via iReg - this also works a treat for macOS users. With iPhone/iPad devices, you can push down the MI client (Mobile@Work) as part of the enrolment process, which greatly simplifies the overall process.
With macOS devices, no MDM client is required (it’s built-in) so this iReg enrolment is also pretty straightforward - user navigates to https://<miserverfqdn>/ireg and the magic happens after they supply appropriate creds.
I was going to use our MI Cloud enrollment where the user navigates to https://mobileiron.com/go and logs in with pre-defined credentials. Nearly the same process?
Then hand-out MobileIron Go as a managed app. The user just has to open/accept and it’ll self-register with your Cloud tenant
Anyone ever had any luck managing Linux via an EMM?
*Thread Reply:* @Simon Hardy-Bistagne SOTI Mobicontrol does manage Linux devices. If you are interested in finding out more, let me know and I'll get you in touch with the right experts.
SOTI has something around Linux, but I haven't dabbled.
@Oskar Rodriguez has joined the channel
@Niklas Larsson has joined the channel
Anyone seeing issues around installing AppStore apps through MDM?
*Thread Reply:* Tonight I received an odd message from SOTI. Seems there is an Apple issue. I assume this would affect others too.
> App Store issue preventing the installation of App Store apps on iOS devices
> November 19, 2018
>
> SOTI MobiControl is currently experiencing an issue where requests to install App Store apps on iOS devices are failing. SOTI has investigated the issue and determined that iOS devices are unable to complete app installation requests that use the Bundle ID of the app – one of Apple’s approved identifiers for App Store apps and the identifier used by SOTI MobiControl’s App Catalog rules. There is no workaround or resolution for this issue at this time. Apple has acknowledged that this is an issue on their end and are actively working on a fix, but have not provided a timeline for resolution. SOTI is working with Apple, and will provide periodic updates on the investigation and resolution of the issue.
>
> The issue was first reported on November 15th. Since that time, any company using SOTI MobiControl has been unable to install App Store apps via an App Catalog rule. This issue applies to App Store apps deployed with or without VPP licenses or redemption codes, and affects all versions of iOS and all versions of SOTI MobiControl.
>
> Enterprise apps (i.e. in-house developed apps) and VPP B2B Managed Distribution apps are not impacted by this issue, and can still be installed on iOS devices via SOTI MobiControl.
>
> We are committed to getting this issue resolved as quickly as possible, so you can resume normal operation.
*Thread Reply:* Got it. Is it only impacting SOTI?
*Thread Reply:* Issue Resolved: Installation of Apple iOS App Store Apps
November 27, 2018
A recent issue that prevented SOTI MobiControl customers from installing App Store apps on iOS devices has now been resolved by Apple. Normal operations of iOS devices using SOTI MobiControl have resumed.
We appreciate your patience as SOTI and Apple worked together to bring this issue to resolution.
Some light reading.
*Thread Reply:* “The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users,” ... My daily pleasure
/poll “Would we benefit from a generic Google/GSuite type Channel?” “Yes” “No”
@Mathieu Beaugrand has joined the channel
Anyone with updated market/analytics figures for Global or regional market on user/devices on MDM, EMM, UEM and Sccm - any special penetrated markets or verticals?
O365 and Gsuite also interesting!
@Philip Harrison (CWSI) has joined the channel
@here has anyone played with Unikens RMAK protocol? It seems to eliminate many drawbacks of more traditional auth methods like saml and wsfed or oauth2
*Thread Reply:* Seems to be proprietary, unless it's open sourced, I doubt adoption will be high amongst other identity providers and service providers. How did you hear about it?
A warm welcome to @Denmaru, @Steven D'Sa and @Dave Buskirk 👋
@Shiva krishna pabba has joined the channel
@Anders Ekelund has joined the channel
@Mark Mitchell (CWSI) has joined the channel
Hey everyone! We’re going to tighten the reins on creation of public channels. If you’d like to see one created, drop a request in #meta and it’ll get the attention it needs 🤓
No restriction on private channels though! The public change is just so we get a bit of group agreement and avoid clutter 👍
/poll “Are you using ChromeOS in your Enterprise?” “Yes” “No” “In POC” “On The Radar For 2019” “No Interest”
** I have a customer with a radar for 2019 with Chrome OS
Nice @NicolasR. Do they have any initial requirements/hopes/wants/dreams?
Is there an AW channel I can get an invite to please?
*Thread Reply:* Just sent you a link. You can search it from the channels list.
*Thread Reply:* We’re actually going to consolidate #airwatch and #workspaceone. Just haven’t gotten around to doing it yet 😉
*Thread Reply:* Hi, I‘d also be interested in joining that channel. Can I also get an invite please?
*Thread Reply:* @Julio If you tap the #airwatch or #workspaceone it will take you right in 🙂
*Thread Reply:* @Woody Worked, thanks for the pointer☺️
@Woody we have a chrome book at my office to test in and identify the use cases that could be addressed. Basically we try to see what should be possible and after that we will start to dream 😅
Anyway we have a dedicated Google Business unit in my company where people are specialists on G-Suite. Finding customers should be simple if we have a working use case to share
@Morten Lauritzen has joined the channel
@Menno Bernardt has joined the channel
@Hubert Krautter has joined the channel
@Michael Bastian has joined the channel
Google Fi :-
So I was never really excited by Google Fi before mainly due to the cost... $20 per month for calls and texts, plus another $10 per GB. The cost for data just seems very excessive and the incompatibility with iOS was a pain for someone who swaps devices all the time.
All the other capabilities are really really cool... 3 networks in the US, free roaming in 170 countries, plus auto connection to open wifi networks for data saving and voice calls. And now with VPN included.
Now though... I've just seen that the cost for data is capped at $60. Anything over 6GB is not charged, and they've released iOS support.
This has now solved my one concern... and I now can't wait to see if Google will bring this to Europe.
Anyone on the US side have any experience with Google Fi?
I’m on £20 for unlimited everything. There is no way I’d switch to Fi at converted euro/gbp pricing as it stands.
Yes i saw Three in the UK re-ran that deal over the black friday weekend. Very good deal... and Three are good for roaming too.
Here in France I pay around 35 euro for unlimited calls and texts (who uses SMS these days?) and 150GB of data.
For me, I travel to the US and Asia regularly, so that's where the roaming hits me.
I know though that in the US the costs are extortionate for mobile... why should i pay for someone to call me?!
You guys got good pricing over there, in Germany it’s at least 65 € for everything unlimited…
You have to keep your eye out for the deals 😉 otherwise they are about that price yes.
Oh okay, so even in France that’s not the regular price? I kept hearing, that except from Germany almost all the other EU countries got reasonable prices on the unlimited offers
So at the moment, i can go and grab a deal for unlimited calls and text, 70GB of data for 23 euro. True "unlimited" data isn't really a thing anymore.
or 60Gb of data for 14 euro on another network i can see
add 2 euro a month, and you get a 2nd sim to use in your tablet and share the data which is a bonus
60 or even 70 is what I’d consider unlimited so i’m fine with that.
I just extended my contract with VF for 17,50 and 11 gb
since the actual price for the contract is considered 44,99 with 4 gb
Prior to that though I was on £25 for 100GB and had been for 18+ months
Shared SIM is awesome, Vodafone Red were close to what I wanted there, except I had to pay a fee for the SIM each month, which is BS.
I have a partner card included (guess that is shared sim?) in my 11 gb, but have to pay additional 15 for it, so it’s 32,5 €
I'm thinking we should have a "deals" channel... if you see a good deal on network or hardware... post a link?
Spain's pretty expensive too.. I don't think anyone does an unlimited plan. Though I get by fine with the 4GB on my data plan. I just use my work plan personally - I rarely call anyway, all my personal calls are on whatsapp or Skype.
Hello Everybody, small presentation, I am Karim works for AiM company using cloud and EMM solution. Thanks
Wow, I am seriously jealous of those plans… I ported my number over to my company’s plan, which is obviously a significant benefit; but there’s no way to do a cellular Apple Watch or add on another SIM to my corporate account, even if I offer to pay for it—billing just isn’t set up for that.
*Thread Reply:* This is one of the big issues with enterprise call plans.
Generally there is no eSIM support, no "multi-sim" support and also no voice over wifi support.
Enterprise plans will pick this up one day... but it won't be soon, that's for sure...
For Mac users, PDF Expert with Pro features is available for 20$ here: https://digitaloffers.imore.com/sales/pdf-expert-for-mac-2
Hi Everyone, quick question, i seem to remember when we setup our on prem core and sentry that there was a mobileiron URL that checked things like SSL, ports etc. Can’t seem to find it anywhere though. Does anyone know what it is? Thanks Al
@Al Platt https://shc.mobileiron.net
Also part of the IronWorks service, of course. 😉
Hello everyone,
I am working with Android ZeroTouch and I was curious to know if ZeroTouch is supported on AndroidGO (low memory) devices. Please advise if anyone has used the same. Thank you in advance.
Theoretically it should work, I believe it would just come down to whether or not the OEM supports it. Some of the folks making the Go phones don’t even appear on the zero touch partner list. As far as I’m aware there are no first party Go devices, which would be the easiest way to validate the feature set outside of any actual official word from Google.
Sounds like a question for @Jason Bayton
Yep, it's per OEM. You'll never get a Go device on AER so there's no mandate for an OEM to support it. The Nokia 1 is one example that does.
Thank you all, the answers will help us to understand even further.
Hi Gentlemen, new to the forum here 🙂 EMM professional for 10 years+ now, working extensively with Soti Mobicontrol and Citrix XenMobile and with interest in AirWatch/MobileIron.
Thanks @Jay I have a question, maybe @Jason Bayton or @Jay can answer on MI. Do you know of EMM software which can leverage a PIN request when trying to access native apps on iOS? So not like wrapping using Citrix Secure HUB etc. where you wrap apps using their own SDK.
*Thread Reply:* So you’re looking to enable a pin when trying to access something like the iOS mail app?
*Thread Reply:* Yes, sorry for the vague'ish question 🙂
*Thread Reply:* Well I'm not aware of any MDM API that could do that myself.
*Thread Reply:* The space is usually for containerization software, but now Android Enterprise has removed the need for that delivering the work profile. But for iOS we were wondering if there were any possibility for doing something similar with EMM software. If not then I am very open to suggestions on which EMM system delivers the best user experience with containerization/pin enablement for non-native work apps on iOS?
*Thread Reply:* Yeah so this isn’t something that can be done at the api level for a pin. But the segmentation when enabling domain level segments is pretty seamless.
Personally I’m a fan of the outlook Ux but it’s all about what functionality you want to deliver and what integration with your existing mdm you want.
*Thread Reply:* Agreed it's more containerisation and as mentioned before either app wrapping/SDK. I'll try to be as unbiased as possible (for disclosure I'm ex MaaS360) - and it depends on what you are currently running and additional requirements. MaaS, MI and AW all offer strong feature sets with their containers - also you could bring some SSO into place perhaps if you need additional authentication for the apps (not native).
*Thread Reply:* Thanks for feedback. I guess InTune (which in my opinion has been inferior as an EMM product) actually might be preferred choice, because they can enable these features for office apps, which (maybe) are the next best thing to office apps 🙂
*Thread Reply:* next best thing to native apps. UX, familiarity etc.
*Thread Reply:* On MI specifically I'd use appconnect with Email+, Web@Work, plus any 3rd party apps also wrapped. As we're SOL on iOS for this functionality, an alternative is required.
*Thread Reply:* Thanks @Jason Bayton My native tongue is Danish, so the abbreviation SOL ?
*Thread Reply:* perhaps: lort ud af held
*Thread Reply:* http://onlineslangdictionary.com/meaning-definition-of/sol
*Thread Reply:* lol - I wont translate your sentence back to english, I am unaware of the forum guidelines. But its pretty funny 🙂
*Thread Reply:* We're out of luck on iOS 😋
Does anyone else get the "Magnus Jen" mailer at all?
Looks like many are beginning to check out for the holidays! 🎅 🎄 🎁 — Just wanted to say how appreciative I am of the community we’ve built here. From humble beginnings to an astonishing 415 members (we grew 4050% over the span of a year), I think it’s safe to say the Mobility/Endpoint arena is a 🔥 that won’t be going out any time soon. None the less… kick back and relax because 2019 will be here in the blink of an eye. I look forward to catching-up with you all on the flip side. Cheers! 🥂
@Jason Bayton you get back to popping those pain meds 😵 - We need you in tip-top shape for 2019!
Well said!!
I think we have an amazing community here, and I’d like to thank all of you who have helped answer questions, bounce ideas off of, and generally for the good banter all around!
Happy new year all!
I’ll second that. It’s been great to be part of this fantastic community and wish you all the very best for the holidays and a Happy new year!
Newcomer here, but I already feel the Christmas vibes!🎅🎄 Merry Christmas everybody:-)
Hi everyone,
I am using Android Management API for EMM. I was testing Managed Configuration in gmail and realized that we don’t have any provision to bulk upload any emails. We are not using Active Directory. (Eg: if we have 1000 devices, then configuring so many emails won’t be a feasible option) Is there any way we can do it through CSV, please advise if anyone has any sources/guidance.
Any Google Mesh WiFi users out there? Thinking of buying the AC1200 mesh system to upgrade the house, and was curious as to your thoughts of using it? Likely plan to update my outdated modem to a Netgear Docsis 3.1 along with it
Me! And I've had issues with port forwarding since I bought it.
https://twitter.com/JasonBayton/status/1075682787578007552?s=19
I know physical design shouldn’t be a motivating factor over function, but I’m not digging the tall, bulky design of the Orbi.
https://media.giphy.com/media/ac7MA7r5IMYda/giphy.gif
I will say orbi is a good deal more expensive when I looked through. There's probably a middle ground
Haha.
I haven’t decided officially yet, just wanted to get an idea of pro’s/con’s of what others are using out there
I’ve had too many bad experiences with the reliability of Linksys products, so they weren’t in the running for me
I went all in on Eero and have no regrets. Little pricier than some other options, but I live in a 100 year old house with lots of brick, wood, and made at a time when they built up instead of out, and I’ve never had an issue of coverage since I installed it
I’ve been considering Eero as well, thanks Matthew!
I did Orbi RBK50 and have 0 complaints. Easy to setup with Verizon in the US for gigabit connection. 3 floor house, and my coverage is excellent since adding the mesh network. Also almost never see degradation to my service, even during peak times
+1 for Orbi. I use the integrated Circle app as well for kid access.
I've heard good things from people using Ubiquiti. Both in terms of performance and UI.
Caught this on YouTube the other day...
It's expensive IMO but would be interested in your thoughts...
For me the interesting part was the management of the IP address as home ip's are normally black listed for mail servers.
I like the idea of a plug and play idiot proof email server you can have at home. The security of not giving all your data to the Google or Microsoft's of the world is the selling point.
Cost seems a little rich though for what you get...I think I could do something cheaper myself... But I think I'm not the target market for it.
True and the security aspect got me thinking but yeah cost was a stopper here... approx $500 upfront and then $99 per year!
@Simon Hardy-Bistagne Nice idea, but can be done with a Raspberry Pi and attached drive(s) and backup-SD for below 50$ HW cost. However, you need a business internet access plan (at least in Switzerland) to be exempt from dynamic IPs and being blacklisted. Why not just use a garden variety webhoster with his own servers for less than 5$/month and make sure they have a good backup strategy (and/or pulling backups yourself). This could even be done by semi-tech-literate people I guess...
Because managing your own Linux mail server is difficult to get right I guess.
Hehe, true. And not worth the extra effort compared to using a webhoster with plesk panel that you can easily manage it from for 3.8 Swiss Franc (in my case) for 15 domains
Here in france I have a static IP with my ISP😎 Happy New Year 🥳 by the way !!
*Thread Reply:* Bouygues with optical fiber ;-)
*Thread Reply:* Ah ok. I'm with bouygues at the moment .. just waiting for orange to turn on the fiber!
*Thread Reply:* You guys seen the new Freebox Delta?
*Thread Reply:* It’s pretty sweet and for the first time allows you to combine 4G with your ADSL
*Thread Reply:* I’m with Orange but will soon move to Free to avail of this service - I have a poor 7mb where I live...
*Thread Reply:* I just can't get over their poor support model and fact you can't even do a line check with free!
Where I am... The ADSL is all the same copper and orange are just finishing up laying down the fiber. Bouygues have been very good for the price.. but I desperately need fiber as my current 11mb connection is killing me.
As soon as orange can give me a date I'll move to their 1Gb down, 300MB up package.
I don't need a static IP at home. whenever I host stuff I'll do it in the cloud.
*Thread Reply:* I was able to do a line check with Free
*Thread Reply:* Just entered the address and they told what I can theoretically achieve
*Thread Reply:* I’m actually with Sosh - cheap and cheerful and internet works fine, just crappy speeds
Happy New Year @NicolasR (and everyone else, too)!
Happy New Year all and here’s to a great year for Mobility 😛
Happy New Year folks! 🥂 🍻
Hope you all had a great Christmas and spent some quality time with your loved ones!
Here’s to an exciting 2019 in the world of mobility!
Happy new year 😊
So I ended up picking up a Google WiFi set yesterday. After several hours of troubleshooting with Google, I returned it, absolute garbage. When I got them to connect, my speeds were about 30-40% slower than what I had before. It would only stay connected for several minutes, then drop, constantly. I ended up picking up (2) Eero’s, and in the short amount of time I have been using it, flawless. Much quicker and easier setup, devices connecting all throughout the house, Internet has been stable and consistent throughout the house. Not sure if it is the combo of also purchasing a new Docsis 3.1 modem, but I have doubled my download speeds here 🙌
@thebjohn did you hard-wire the Google units with ethernet or do a wireless mesh?
*Thread Reply:* Hardwired the “hub” unit, then the other 2 were wireless mesh.
I'm on week 4 of troubleshooting it dropping my port forwarding so I can feel your pain. Should have returned mine in the time I had available also.
All my Airport Extreme APs are hard-wired (because I tried the wireless extend mode and hated it) but occasionally I contemplate trying the wireless option again.
I'm just about to add a couple of M9 plus units to my existing M5'S.
Just want to add that dedicated 5Ghz backbone for the mesh... Some are wired but others I don't have that ability.
The happiest “medium” I’ve gotten with the AirPort Extreme units is hard-wiring them with ethernet. Have a dedicated 2.4ghz SSID for legacy units, dedicated 5ghz SSID for newer devices and the “Guest” SSID for IoT. That last part was achieved by enabling VLAN tagging (for the APs) on my Cisco switch. Would really like the dedicated 5GHz backbone of a newer unit, but can’t really justify ripping out what’s there ATM.
*Thread Reply:* Can't say I've seen this but sure it's not a one-off!
*Thread Reply:* Thanks for replying Jason, I found the solution here 🙂 https://stackoverflow.com/questions/50207790/please-configure-android-sdk/51083101
*Thread Reply:* Good stuff! For future, #android would better suit your questions on this topic 🙂
*Thread Reply:* Yup, I figured as much. Just not an experienced Slack user yet. Thanks!
Hey all, anyone else working in finance and mobility? It’s quite a pain compared to when I was in Pharma
*Thread Reply:* Hi, yeah I've been doing some work for Banks.
*Thread Reply:* I work for a bank - when you say « a pain » in what respect? Banks are ultra security conscious if that’s what you’re referring to ;)
If you’re just joining us, here are a few channels you may find of interest. #airwatch #mobileiron #maas360 #microsoft #android #ios_general #sidebar
Revisiting this topic. Anyone happen to have experience with Virtru encryption for GMail?
Do we have a lot of MacOS users here? Considering to leave a 6 year MacOS streak for a Surface device @Work, but not really sure… 🙂
I wouldn't go surface pro's myself, maybe the surface laptop... Mainly just don't like a floppy keyboard which doesn't work on your lap
Macbook pro here but TBH I will probably go back to my MacBook 12" soon as order to form factor
I have a 13" (work) and a 15" (personal)... prefer the bigger screen but not the weight 😉
MBP, but dabbling with ChromeOS currently. I would not go to a Windows device unless forced personally
Yes I use Mac as a primary in work and home. Can't get used to the butterfly keyboards though 😞 But I prefer desktops anyway. I have an iMac at work and a Mac Mini at home and I use a portable boot drive so I can easily switch without having to sync or leaving the office with an iMac under my arm 🙂
And yeah I had a Surface Pro for a while - like Simon said the "lapability" is not as good as they promised
I went to Linux for a while (Ubuntu) but I had too many things in my workflow that I needed supported apps for. But I still use everything at home for different reasons (Windows for Gaming, Ubuntu for technical projects, Debian for servers, and Mac as main driver)
@Anton what kind of surface are you thinking of getting?
I'll admit to being tempted by the Surface Book.. but the Mac just works for me (5yrs now into the darkside). I run Windows boxes at home for gaming and testing. Linux is always something I dabble in then and then get frustrated with lack of needed apps etc.
*Thread Reply:* Yeah I agree, it's still not there yet after all these years. Especially now with Wayland there's many little things that don't work.. And the huge app gap of course.
*Thread Reply:* Agreed.. it's come a long way but sometimes you just want things to work! I don't mind the odd bit of CLI but half the time you end up having to clone git repos and install other software just to get 1/2 way through the pre-reqs. That's not how I want to spend my time anymore..! Now on my Raspberry Pi's I don't mind because that's a hobby system but for main use nope!
*Thread Reply:* Yes that's why I moved to Mac in 2003... Great POSIX OS with "Just works", mainstream software support and still the powerful features to fiddle with.
However I do find lately that I end up having to fiddle more with my Mac trying to get Unixy things working. Things like X forwarding over SSH by the way - when I moved to Mac XQuartz was still a proper feature - not something open sourced and basically dropped 🙂 I also really don't like the more powerful features of the OS being replaced by "On/Off" buttons which means I have to mess around with plists and config files to get things working again. That's why I moved to Linux for a while but it's still not there yet.
I’m considering the Surface Laptop 2. No other Surface device has caught my interest…
For me it's all about form factor... I can do my job on windows, or macOS... the apps i need are there so that doesn't play a part in it. iOS or ChromeOS... the jury is out as far as being able to use a device with that OS as my daily driver.
I Need... 1) Something with mouse support (as frankly content creation without it is impossible) 2) Something that can be used either on my lap, on a tray table on a flight/train etc. 3) Something that's light enough and portable enough just to throw into a small satchel (13" is the sweet spot, 15" for me is too large) 4) If i'm going to have a 2 in one, then it needs to function well as a stand alone tablet so that when i'm chilling i can watch Netflix or Youtube without risking being knocked out if i drop it on my face.
That discounts the iPad as a laptop replacement (but we all know that), the surface pro's with their floppy keyboard and it's just a poor stand alone tablet, and also the surface book as it's just too large/bulky.
The surface laptop is a great device, and I'd happily use it as my daily driver, but, I'm seriously looking at the Pixel Slate. It's very buggy at the moment but that's just software... The only thing I'm waiting on is for someone (@Jason Bayton Cough Cough) to tell me A) how well Android apps like the Office suite run on it and B) how manageable ChromeOS is these days with AirWatch/Intune.
B) requires I get chrome enterprise set up. That'll take me a minute. :)
A) I'd say fine, but I'm a light user. Once more like Teams my company cripples office suite by requiring the intune company portal app.
yeah... that's the same for us... but it's only there as we have enforced the conditional access that only official MS apps can access your mailfile. company portal needs to be there on the device, but no enrolment needed so i'm not too fussed.
Touch support on the Chromebook makes it just like using office on a tablet or phone, which has always been fine for me
cool... i think i'll see about getting something on order... the pixel slate isn't out in france... so i'll have to get one sent over from somewhere else.
Happy to help, I've done similar for folks in NL also.
@Simon Hardy-Bistagne @Jason Bayton I’m just starting to dabble with ChromeOS Enterprise (GSuite Management + Login via Okta). Going to dig deeper over the next week or two and will report back.
*Thread Reply:* Haha - Emmet and President/Lord Business are some of my best customers!
*Thread Reply:* I enjoy theming my environments. Helps me keep them straight, LoL
*Thread Reply:* So far I’ve got Hooli, Dunder Mifflin, Octan and GoodBurger
*Thread Reply:* Its a good approach. I had some ex colleagues who named test env's after Star Wars locations, people and also Lord of the Rings.
*Thread Reply:* Ha! There are so many good ones… figure, why not!
*Thread Reply:* Indeed.. no reason why we can't have fun at work 😄
Quick question, I am enabling/managing windows defender without ATP via Intune. The pre-requisites is licensed tenant for Enterprise mobility + security e3 and windows E5.
My question is. We've windows professional, will this rule work also with this version?
*Thread Reply:* We currently use Windows pro here and our intune testing so far is with a similar config.
*Thread Reply:* With windows professional, I'll be able to enable and manage windows defender using Intune (compliance and configuration) policy?
@Marc van der Kooy has joined the channel
Those of you looking at Intune, what internal browsing solution are you looking at?
*Thread Reply:* @Tstahl - 'Microsoft Intune managed browser' app as internal browsing solution
*Thread Reply:* @Srikanth , that’s just the browser, not how you allow the traffic internally. Are you using Azure App Proxy, netscaler, etc
@Jordan Philip has joined the channel
@Jonathan Kane has joined the channel
@Dimitar from SmartCircle has joined the channel
@here I'm looking to include this in a post I'm writing about AER for EMMs, if I could get a larger response it'll look much better please and thank you :)
@Martijn Schraven has joined the channel
Thoughts???
BBC News - Domino's Pizza app must be accessible to blind people http://www.bbc.co.uk/news/technology-46894463
I think making the app available to blind users isn't hard (you simply have to fully utilise the tables and comments fields when developing the app) my main thoughts though are around legal action if you don't.
*Thread Reply:* Yeah this exactly... I don't think it should be mandatory if they provide such an easily accessible alternative.
If the app were the only way to order a pizza I'd agree 🙂
Blimey look at all the newcomers! Welcome @Neha @Renan Medina @Hideki Mori @Lekha @James @Leo & @Sean Hanrahan
@Simon Hardy-Bistagne some new VMw acquaintances!
I thought the invite link had been chucked up on Reddit tbh 😋
Ok... so as of April... my GSuite platform for personal mail is going to cost me 20% more than it does at the moment... Time to start thinking about migrating back to o365?
*Thread Reply:* Not really... Office E1 licence which gives me the same as my GSuite Business licence is 7.20£
Compared to the new google price of £9.20
*Thread Reply:* Oh damn, I was seeing totally different pricing
*Thread Reply:* Also, is anyone else surprised to see a cost increase after a guy from Oracle comes in?
*Thread Reply:* What i'm giving up though is probably a little storage going to onedrive though
*Thread Reply:* Wow. Need to check and see if the US rates are going to be changing. I really don’t want to make a move, as all our family is on GSuite but money does talk.
*Thread Reply:* @Woody yes, Gsuite rates going up. Effective from April 2.
*Thread Reply:* I use O365 for personal ( 2x accounts) and its around £22 p/m for Business Premium
*Thread Reply:* You can actually get hosted exchange with web-based office only (no PC apps)- thinking about this personally (as I don't need the O365 apps for personal use). https://products.office.com/fr-fr/compare-all-microsoft-office-products?tab=2 Called "Office 365 Business Essentials" for 4.20/user/month
But yes E1 for 6.70/month looks like a good option too.
Can you buy this as a private person though? When I go to "buy" it wants company details etc. I don't have one. But I do have my own domain(s).
*Thread Reply:* It will ask you for a company name, but that's it... No obligation to enter tax numbers or anything.
*Thread Reply:* Thanks! I wonder if the E1 plan comes with intune? That'd be cool - to have my own instance to play with. I suppose that's E3 though.
*Thread Reply:* Afraid you'd need a combo of either e1 plus ems e3 to get what you need.
straight office e3 will give you intune but won't give you aad premium which you need for conditional access.
*Thread Reply:* are we talking intune intune or "MDM for office 365"? intune isnt listed as included here: https://products.office.com/en/business/compare-more-office-365-for-business-plans
*Thread Reply:* @Mirco Reimer https://docs.microsoft.com/en-us/intune/licenses
It’s included in o365 e3. Just remember without conditional access it’s pretty much useless
*Thread Reply:* Actually... Just looking and the cost isn't "crazy".
Office E1 licence is £6 EMS E3 licence is £5.28
So for £11.28 you get exchange online, aad premium (inc CA), intune, and everything you'd need.
Compare that against the new GSuite price of around £10 it's not that crazy for what you get.
*Thread Reply:* I’m wondering if I could change my current subscription to that?
*Thread Reply:* if you're on a monthly subscription then i dont see why not. If you're on an annual subscription then you'd need to wait until the current licence expires before you change.
*Thread Reply:* I decided to go O365 on the weekend 🙂 5 euro including VAT per user per month for O365 Business Essentials.. I have 4 users (family members that share the domain for email and use it very little) so I didn't want to go full E3. As that would benefit only myself. I'll migrate over the next few days (I have to connect to all of them over teamviewer as they're not technical 🙂 ) Thanks for all the info!
*Thread Reply:* Can you not mix and match licences, giving yourself an E3 and them a more basic one?
Post migration you could always enrol them into intune so future changes can be managed by powershell commands!!
*Thread Reply:* Good point, I didn't think of that.. Now that I signed up I see indeed that you can assign licenses.. I thought they had to be all the same (wasn't that clear before I signed up). I'll check that out, thanks!
*Thread Reply:* Unlike gsuite which requires using a reseller to get different licenses 🙄
*Thread Reply:* I don't suppose bayton.org is a licence reseller??
I mean... you can supply zt devices.... 😂
*Thread Reply:* It got updated to say "TESTING ONLY" in the name haha
@Rajesh Ranganathan has joined the channel
Anyone familiar with devices configured with exchange and microsoft’s app password (16 char) and using a 3rd party identity provider (SAML only)?
Question from my client “We plan to migrate to a SAML based 3rd party identity provider, given we have a Microsoft MFA (16 char password) for email enabled today, what will happen to these devices when we enforce SAML authentication on Office365? Will the Microsoft MFA still be in effect?”
As long as they're using modern auth at the moment, then in theory it should stay in effect for as long as the current token is valid, and once it expires it should then prompt for the new IDP.
But will the App password still be valid, once the new IDP is in effect and MS MFA is turned off... I do not know.
Is it possible to enforce MS MFA App Password AND 3rd party IDp?
They are saying they have devices that are older and don’t support modern auth.. not sure i buy that though
That is what App passwords are for: it's for apps that do not support modern auth. For these apps, you can generate an App password. This is not however the same as enabling MFA. It's an option within MFA, to get older apps to work
So, I assume, if you are not using Microsoft MFA, the Microsoft MFA generated App Password, will not work (anymore)
Ah I see what you’re saying. I bet they are using Modern Auth now and dont know it
It depends on your IDP. If they can identify and whitelist apps it's possible. More difficult with Azure based apps though if you're bypassing conditional access as normally an IDP sees all authentications into the O365 infrastructure as a single app/platform
Hello everyone, looking for a XenMobile guru. We have had XenMobile installed in our environment for the last 3 years. We are currently using domain credential authentication to logon to SecureHub and SecureMail. We would like to change to certificate based authentication. We know the steps but was told by Citrix that after switching we would need to re-enroll our entire existing (users that were already enrolled) user base again. Can anyone confirm as that seems like an insane task. Thanks for the help!
Hello @TedStryker! I’m not an expert in XenMobile, but I know based on other EMMs, a reconfiguration of app(s) to leverage CBA should not require a retire/re-enroll. At most a removal/re-install of the app and its associated configuration (with the certificate included)
and let’s be honest, if they’re having you retire all the devices… might be a good time to look at enrolling with other EMMs that won’t force you to retire to update such a remotely simple setting 😉
Thank you @Woody super appreciate the response! Not as worried about the apps as much as the SecureHub logon app. We use that to logon once a week to contact the server. We would like to switch this as well as we have upped our min password character length to over 15 which is a pia for users. With CA enrollment from what I understand, the user would just need to put that password in once during enrollment. What they said is that these existing devices would stop working requiring a re-enroll to the MDM :( We are not happy with Citrix/XenMobile as they recently went to a cloud only model and we are on premise as we are anti cloud :(
*Thread Reply:* @TedStryker Is this a change you’re looking to make for iOS, Android or both?
*Thread Reply:* @Woody We are mostly an iOS shop. We have Androids (maybe 5%) but they are not "officially" supported so if they had to re-enroll it would not be the end of the world.
*Thread Reply:* @TedStryker so if you removed/updated the SecureHub, would the device continue to be managed via iOS MDM during that time? (my guess is yes)
*Thread Reply:* @Woody I see your point but the issue is that we require devices to check in with the SecureHub app once a week. Even if we removed the app and reinstall it they would need to re-enroll again wouldn't they? SecureHub is what Citrix uses for enrollment and policy enforcement.
*Thread Reply:* @TedStryker So, with iOS that’s a little bit of a misnomer. iOS maintains the MDM/Apple management relationship with your EMM… while the “agent/client” is more of a point of presence on the device for the EMM vendor (Citrix/MobileIron/VMW/etc)
*Thread Reply:* So, in theory you could remove the agent and remain managed.. with check-ins being performed via Apple’s native MDM protocol on the device
*Thread Reply:* @Woody I understand but if we removed the app how would the user ever get use of the SecureHub app again for let's say new apps from our SecureHub store without re-enrolling. Thanks for all the help!
*Thread Reply:* @TedStryker It depends. If you removed the app, then re-deployed using a Managed App Config (specifying the identity certificate), the user would launch SecureHub and subsequently be logged-in, etc. If they deploy using their own app container technology, it could be a similar experience. Do you have a sandbox tenant to test?
*Thread Reply:* We have a dev environment. Problem is dev license only allows 5 devices. We can test there but from what Citrix engineering told us, this can have various results. They said they have done it but many would need a re-enroll. They said the last attempt produced a 20% failure where those users needed to re-enroll. Like usual not much help from Citrix and we feel alone in the dark if we flip the switch as they won't support it 😣
*Thread Reply:* @TGR Maybe you have any input?
*Thread Reply:* I'm still new in the slack business so it seems like I've posted my response in the lobby...
*Thread Reply:* Reposting: @TedStryker I've done a few XenMobile installations, so here are my 5 cents. I think Citrix have rethought their plan of forcing all customers to the cloud. You can still get the on prem solution and I've been promised that support will continue. They have a somewhat large customer base of public organizations that also swear to on prem installations (eg. Police and military). They won't offer all features for the on prem version though. Regarding the certificate authentication - I'm afraid you would have to reenroll to use certificate based authentication, but from what I understand, you aren't using the Citrix Pin instead of AD creds is that correct?
@TedStryker I've done a few XenMobile installations, so here are my 5 cents. I think Citrix have rethought their plan of forcing all customers to the cloud. You can still get the on prem solution and I've been promised that support will continue. They have a somewhat large customer base of public organizations that also swear to on prem installations (eg. Police and military). They won't offer all features for the on prem version though. Regarding the certificate authentication - I'm afraid you would have to reenroll to use certificate based authentication, but from what I understand, you aren't using the Citrix Pin instead of AD creds is that correct?
@Jason Bayton I stumbled across your test of different Android devices in relation to Android Enterprise (https://bayton.org/docs/enterprise-mobility/android/android-enterprise-device-support/) I'm very impressed - I think it's extremely useful, but would it be worth making it a team effort where others could add in with devices that you haven't tested?
*Thread Reply:* Yes! I'm working towards this by publishing the process I use, and where supported the configs on the EMMs also. There's a LOT more detail I need to define still.
Early on it was suggested I only host devices I can vouch for when I sought feedback and that's what I've focused on, but I'd be keen on expanding this with some form of evidence (perhaps a testing video or such, which I'm also considering doing anyway) of each device's behaviour
*Thread Reply:* I like the fact that all devices can be considered interesting as customers might need them for something other than COSU devices or NFC enabled. I'm testing the Oneplus 5T at the moment and that comes in four different OS flavours (7.1.1, 8.0, 8.1, 9.0.x) and they all behave differently. In 7.1.1 eg. there is no camera app available when the device is setup in device owner mode, but from 8.0 the interruptions that you also mention for the Oneplus 6T start appearing during provisioning. I don't know in which detail this should be added to a report, but as a customer planning on buying a ton of these devices, it might be interesting mentions. But kudos for the work!
*Thread Reply:* The downside to being entirely reliant on OEM collaboration means I don't get as many devices as I'd like and some I have to buy myself (6t case in both points). My approach normally is to update the device to the latest possible and test there. Should I find issues, then the device is updated and resolved, I note in notes a brief "something was wrong, make sure you update".
If I had more time (and made a little money for the hours needed!!) I'd do a report per device as I have done for the 6t and Pocophone, but currently only do those when I have no OEM contact to report issues to.
In the report I'd list the newest build at the top, then in descending every build tested and what was wrong.
@here do we have any more MWC attendees? Is it worth arranging a meet in one of the fine establishments in Barca as we did last year? My evening is free on the 25th!
Hi Jason, a team from Hypergate will attend MWC as well
*Thread Reply:* Will you have a stall or just visitor pass?
*Thread Reply:* Unfortunately we are only there as visitors
@Martijn Rijerse has joined the channel
@Ernesto Di Mauro has joined the channel
Welcome @Thibaut Bellon who helped us immensely when we were putting in place our AirWatch/VIDM/IdP combo - I can recommend him and his company wholeheartedly for any consulting or support!
Haha ! Thanks for the introduction @Damian gotta raise the bar on the next job ;-) Welcome everybody, seems like this place is THE place to get all relevant advices, tips, help. Hopefully I can share as well if need be !
@Thibaut Bellon I had a crazy eye-opening chat with @Damian nearly a year ago regarding ViDM/etc… and I think a lot of that is attributed to your efforts. Glad to have you join us for the ride!
*Thread Reply:* Glad to be part of it ! It’s always very impactful when you can discuss with other industry experts !
*Thread Reply:* Agree @Thibaut Bellon - Living/operating in a vacuum is no fun!
It is indeed - he was the Jedi master and I was the apprentice... 😂
I learned a lot thanks to him...before he came along it was quite honestly a bit of a shambles trying to get any expertise but it all worked out in the end!
Well, it’s not the “PeeWee Herman driving” I was going for… but you get the idea 😆
I've run into an issue with OnePlus 5T devices running AE Device Owner kiosk mode after they're upgrading to Android 9.0.3, where home and back buttons aren't working and the overview button leaves ghosting. I'm curious what people experience on other device types running Android 9?
*Thread Reply:* OnePlus isn't an enterprise device, they've got numerous AE issues. What's your EMM?
*Thread Reply:* I can add that we are managing from XenMobile and hence using their implementation of the standard Android Enterprise Kiosk mode when running COSU. After upgrading to Android 9 the Home button stopped working and the back button never gets you to the Kiosk 'home screen', but only back through app activity. The Overview button leaves ghosting on the Kiosk 'home screen'. I went on testing using Google's Android enterprise management API, where I can also enable the kioskmode. In this mode (on Oneplus 5T running Android 9), the Home button and the overview button are missing and the statusbar showing time, signal, battery, etc. has also gone missing even though "statusBarDisabled": false.
*Thread Reply:* I know what you're saying about OnePlus not being an enterprise product, but we actually had a somewhat stable platform with the limitations that running AE on a OnePlus device gives you before they upgraded to Android 9.
*Thread Reply:* @Jeroen J.V Lebon (Open for new opportunities) may be able to offer some XM specific insights.
9 brings a totally revamped native experience for kiosk, I just don't see OnePlus as having done anything to ensure this works properly.
*Thread Reply:* I've had OnePlus test this and they're saying that they see the same thing with a Google Pixel device, which unfortunately I can't test, as I haven't got one at hand
*Thread Reply:* But I'm having a hard time believing that a Google device wouldn't work with the basic management API kiosk mode that they are maintaining themselves...
*Thread Reply:* Pixel is a separate business unit to Android (and AE) so it can happen but I'd be inclined to agree with you
*Thread Reply:* I know. I met a couple of the people in charge of Android Enterprise from Google at Soti Sync in Ireland last year. They are normally really hard to get through to as they don't leave business cards behind, so I had a lot of questions at hand 🙂
*Thread Reply:* But seeing that I never got a business card and that all communication with them must go through the EMM, and that Citrix is not spending a lot of time discussing Android Enterprise with Google, that channel is pretty much closed off...
*Thread Reply:* There are long-overdue changes in the works to make that a little easier going forward!
*Thread Reply:* You mean getting hold of Google to verify or decline issues being related to them, vendors, EMMs or whatnot?
*Thread Reply:* I just received a video from OnePlus showing that a Pixel2XL also has issues with missing home and Overview button and is missing the status bar using the Android Management API kiosk policy... Now I'd love to get a response from Google about this.
*Thread Reply:* Could you output the issue, steps to replicate, policies you applied, etc into a mail and ping it over? I'll be catching up with them later so can bring it up 👍 jason@bayton.org
*Thread Reply:* @TGR I am currently travelling, can you send me a PM with details, i will look at helping you moving on solving this.
*Thread Reply:* @Jeroen J.V Lebon (Open for new opportunities) Thanks, I've sent you a PM.
@Alexander Wendling has joined the channel
@Mathieu Devaud has joined the channel
I'm surprised there's so little activity on this. Loads of us went to MWC last year!
Yeah.... I was planning to attend but I doubt it is possible currently 🙂 However I'm based in Barcelona so I would like to join the meetup in the evening.
Edit: I got a ticket! 🎉
Apple stores now selling JAMF!?
Apple Retail offers enterprise-class MDM for the rest of us https://www.computerworld.com/article/3337523/mobile-wireless/apple-retail-offers-enterprise-class-mdm-for-the-rest-of-us.html
Interesting. Though, if I’m an end user… I’ve got Find my Family, Find My iPhone, etc. Curious how they’ll pitch this
yeah I would think this is more geared for SMB
Definitely interesting that they're doing this from their retail stores
Wonder if they’re offering any implementation/install or just the bundled sale when someone purchases a fleet of devices
I can see them leveraging the Genius bar for this
What’s really big about this is that the move is going to put MDM “software” on the shelf next to items like Office and Logic. Sure it’s targeted to SMB, but it’s a move that will make MDM more common knowledge/utilitarian and JAMFs name will be synonymous with it
Yeah agreed this will definitely get the word of "MDM/EMM/UEM" out there as a more common term
Apple sales is known to sell JAMF licenses when they sell iPads to enterprises
Consumerisation (spelling?) is def a good thing - awareness!
I am curious to know who this IT guy in charge of security goes to Apple retail store wondering how to protect the devices 🧐
In the SMB space - you’d be surprised
Even just at the number of places where the email admin/MDM admin/Mobile expert is some dude who has been at the company for 20 years and used to provision flip phones but can’t find the settings app on his iPhone
I went into a store for a battery replacement last year and someone was bundling a bunch of ipads into a bag talking (to a genius) about work
I still get on calls with bank managers where everybody is fully aware they are sharing their screen on webex and they open up a spreadsheet that has all their account IDs and passwords.
Nothing to do with apple that though is it, universal ignorance 😛
Just saying - common knowledge isn’t so common in some of these mobile spaces
Time to walk over to the apple store after work (Union Square SF) and see if they have the box out
I wonder if the Apple Geniuses will talk to it? How much knowledge/information will they offer
On a related topic, I’ve been thinking about security awareness training; a whole new crop of vendors seems to be cropping up to protect from phishing. My thoughts are: If something gets all the way to the end user and our other defenses (MFA, etc) won’t stop it, then customers should spend the money elsewhere. (Blaming users seems to be going out of style.) On the other hand… Defense in Depth…
Jack, please grill them on the product. Mention kerberos, supervision, enterprise certs for internal app disti (lol) and see how long it takes for them to get flustered
Facebook did a lot of good spreading the word about enterprise certs.
TBH.... last time I went to get my iPhone swapped out at an AppleStore... I told them it was on DEP and they really looked blankly at me... even showed them the supervised screen in the settings menu and they seemed shocked....
I doubt very much they have any knowledge of it yet....
Agree. Certainly above their pay grade--at least for the time being
Interesting… I wonder how an Apple care device replacement works with DEP. Do they have a way of swapping the serial numbers in the system, to make sure that the replacement is flagged for DEP? Or was the new device essentially non-DEP?
I’d think that may be an area Genius Bar doesn’t want to dabble in
The back-end system that runs Apple repair — GSX — should automatically place replacement devices into DEP.
BTW the Jamf/Apple thing is only about Jamf’s SMB product, Jamf Now. Jamf Pro is not part of this, as far as I understand.
@Jack Madden Apple do have the ability to remove and add DEP devices to any account through their internal systems. And DEP device providers also have the ability also to remove any devices they've added to a customer DEP portal too for various reasons (returns, accidents, end of lease etc).
I've gone over this with various Apple bods.... Some say that the Apple Store folks should take a DEP device, remove it from the portal, and add the replacement device to the portal in its place all in store. And I've had others tell me that it's the responsibility of the enterprise to manage this process.
The problem is, that my 1st hand experience is that they took a DEP device away, and gave me a non-DEP device. Even after i told them they should really add it to the DEP portal.
And, there is no way to know if any of my users is going into an apple store to be able to swap a device. Even if i did... there's no way for ME to add the new one to the DEP portal.
*Thread Reply:* Got it. I appreciate hearing the anecdotes!
@Emil Novakov has joined the channel
This tweet by my brother got me thinking about how to do managed dictionaries on iOS and Android—it would be so nice to have https://twitter.com/brianmadden/status/1091671218158256128
@aaron I’m assuming Ground Control could probably do this?
Yes, we can, when we restore a backup to a new device.
You heard it here first folks! EMM is dead!!
I’d say EMM is dead, in terms of being a solo act.
He makes some good points I think. We can already see issues with IoT stuff not fitting in well with the current management systems. And the desktop management world will change massively in the next years.
But I don't really like the panicky tone of the article. Sure the technology will evolve. As it has always done. They'll come up with new acronyms, make new features and drop some old ones as always. A new vendor might really take off and reinvent things. It's just part of the job to keep up with the state of technology. Yes if you don't do that you'll get left behind. What else is new?
*Thread Reply:* That article could have been written last year and still have made some form of sense. I dont think that guy has spoken to a Vendor.... take a quick pitch from BB or VMware and he'd have had way more to add to this.
Ah it’s crystal ball time again...yawn...they were saying similar things about certain companies that wouldn’t survive like BlackBerry and MobileIron - they both evolved and are stronger than before. I always take these prediction articles with a grain of salt...
So I read this and thought to myself that none of what he says is new. Most of it is already happening and it just felt like clickbait, or the classic Consultant who comes in and tells you the time from your own watch! We all know that MDM/EMM as a standalone is a dying breed and the UEM (+IOT) is the future. Also acquisitions will happen in order to shore up capability and compete - example is the Aetherpal/VMware announcement.
Haha!!! Definitely bingo... AI all the things.... Though no mention as to what or why...
you guys know any solution to do Mass Deployment for Chromebooks ?
*Thread Reply:* I haven’t come across anything noteworthy (yet). However, checking with a couple contacts to see if there’s been any movement in that arena
Hi there @Thibaut Bellon - Are you looking for more than what GSuite provides for ChromeOS Enterprise management?
yes like Apple DEP, Google AutoPilot, Android ZeroTouch
@Thibaut Bellon I’ve worked with a couple of clients on this and I haven’t seen an official solution from Google yet, however there are some programs that essentially spoof being the keyboard so that when Chromebooks are tethered to a USB drive the enrollment can be automated. Rubber Ducky is the one I’ve come up against the most, but I haven’t personally been hands on with it
Don't Give Me a Brake - Xiaomi Scooter Hack Enables Dangerous Accelerations and Stops for Unsuspecting Riders | Zimperium Mobile Security Blog https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/
@Martin Hillerö has joined the channel
Android Enterprise: Anyone that knows how to add the phone icon to a kiosk interface for Samsung devices? The EMM is XenMobile, but it seems Samsung uses an intent through com.samsung.android.contacts and not a stand alone package that I can point at.
Phone and contacts are often a shared process so one relies upon the other. com.android.dialer or com.samsung.android.dialer though might see you through
@ChrisB [MSFT] has joined the channel
@Jason Bayton I tested those two already to no avail unfortunately, but thanks for the tip 🙂
Have you tried a package name viewer? I rely on package name viewer 2.0 from play to search and get the packages I need frequently
@Simon Thomas has joined the channel
Thanks Jason - I'll test with that, but when opening up the phone app from a device without kiosk, I've tried running 'adb shell dumpsys activity activities | grep -i dial' and it gives me 'com.samsung.android.contacts/com.android.dialer.DialtactsActivity' which also points at the shared process - I'd just love to have a package to point at that can open up that activity...
@Jason Bayton It's a good app and visualizes the different apps and their icons - unfortunately Samsung doesn't give us an app with a package ID to access the phone. I'll see what can be done.
I can also vouch for that @TGR, I was trying to apply a blacklist yesterday for a client and couldn't remove the phone icon even though I blocked everything that contained the word "phone" or "dialer"
@Adrian Patrascu has joined the channel
It was @JordanOC who pointed out to me a while back they share a process
@Jérémy PINCHON has joined the channel
@Vishal Guleria has joined the channel
@Chandra Bhushan Mishra has joined the channel
@Debmalya Sanyal has joined the channel
Guys, has anyone implemented the intune auto pilot project?
*Thread Reply:* Yep. We have a pilot running
*Thread Reply:* I am looking for a document or you can say prerequisite before we implementing
*Thread Reply:* That’s a massive question my friend.
It’s all depending on a myriad of items from how you authenticate your users, what are your network conditions what versions of windows 10 you’re running, who your device provider is.
*Thread Reply:* Authentication - AAD, Windows 10 :1809, OEM :Lenovo and HP.
*Thread Reply:* If you already deployed please share templates or any sheet where you have mentioned your requirements
*Thread Reply:* Hi Simon.. If u have any info please share with me..
Massive influx of newcomers! Welcome, everyone 👋
*Thread Reply:* Indeed! That LI post was getting a lot of attention 👀
*Thread Reply:* ^He's been blogging again!
*Thread Reply:* Yes Jason, that posting served the group well!!!
@JordanOC and @TGR did you try com.android.phone? Which Samsung device? Model number and OS? I guess EMM is citrix
@Markus Güntner has joined the channel
Welcome folks! Check out the channel list to get started! We have #mobileiron #android_enterprise #apple #microsoft and many more :)
@Mathieu Bernier has joined the channel
@Jorn Erik Hornseth has joined the channel
@John Piccininni has joined the channel
@Marc Brandenburg has joined the channel
Hello members!
Are you interested in writing? Have a knack for converting complex topics into easy to understand articles? Do you want to share your experiences with things you support, implement, challenges overcome or pain points that need spotlight? Have you been itching to talk about something, but lacked a suitable platform on which to do so?
The mobilepros.org website may just be the outlet for you!
As the site is built out over the coming weeks/months I'd love to see our members contribute content to the platform. Build an audience, demonstrate your knowledge in a chosen area.
Guides, opinion pieces, you name it.
Anyone interested will get an author account and the opportunity to edit a mobilepros profile providing whatever info you wish to publicly display. Those of us who write a lot can help with proofing/editing also to ensure the content is the best it can be.
Who's up for it? 👊
*Thread Reply:* I would like to contribute. MSIntune is my bread !
*Thread Reply:* Hi Jason, I would also like to contribute. I'm working with a Workspace One solution now, and will migrate to a MobileIron one in the near future.
*Thread Reply:* Cool! I think core categories will echo the slack group (#mobileiron, #microsoft, etc). Aim for something between 300-800 words, unless you intentionally want to go long-form. Think about the tags you'd like to go along with it (SEO, no big deal) and I'd say just get something drafted up in Google Docs/Word Online, and I'll get working on a submissions channel 🙂
*Thread Reply:* Will there be a Mac category? If so I'd like to contribute. Most of what I could offer would be in that category, that's why I'm asking.
*Thread Reply:* Great, I would like to start as it interests all of us on the change Apple is going to release in iOS 12.2 with the new method of the management profile installation. Let me try and draft this over the weekend.
Hello All, Thanks for this initiative, Looks awesome place to have one stop discussion and solution for Mobility Professionals
Hi guys,, thanks for the invite
@Kiran Ashok Nalawade has joined the channel
@Brady Hourtienne has joined the channel
@Joris Adriaanse has joined the channel
@Kjell Eilertsen has joined the channel
@schiefvancleef has joined the channel
@Fernando Carvalho has joined the channel
@here hello and welcome! To help you out as I know it'll be pretty bare when you first sign up, check out the Channels list to find your topics of interest and join in with conversation! We have over 30 channels with varying levels of activity, so please don't feel you need to concentrate your efforts in #lobby or #sidebar
Here are some other examples: #maas360 #microsoft #workspaceone #apple #citrix #soti #lookout
If you're looking for a topic but can't find it, ping someone or leave a message in lobby and you'll be invited in by another member.
Have a good one!
@Johannes Harbs has joined the channel
@Shamitha Widanapathirana has joined the channel
@Badri Mahabhasya has joined the channel
@Mikko Koljander has joined the channel
@Laura Bergström has joined the channel
Good man - welcome to the group, I’ve been here a while
@Jonathan Pilgrim has joined the channel
Hi @Jason Bayton et al. Happy to have found this place
👋 hey! Clearly I haven't been shouting about it enough eh?! 🙂
@Kavinda Senarath has joined the channel
@Shaik Abdul Hameed has joined the channel
Growing. Looking good!
Welcome to all the new members 👋
@Nafes Choudhry has joined the channel
@David Johansson has joined the channel
@Michał Konowrocki has joined the channel
@Rob Knight has joined the channel
Hello everyone, I look forward to picking your brains and contributing to the discussion! ;D
@Kosti Hokkanen has joined the channel
@Gwenael Maryns has joined the channel
@Prasad The device I'm testing on is a Galaxy S8 running android 8.0.0 (Build R16NW.G950FXXU4CRL3) Yes - the EMM is Citrix XenMobile or Endpoint Management if you will 🙂
*Thread Reply:* Hi @nramos! Fancy seeing you here! 😛
+125 new members this past week. Welcome, everyone! See the notes below from @Jason Bayton, who many of you already know 😁
@Antonio Maiello has joined the channel
@Mike Blackwelder has joined the channel
For those new to the Slack team, what do you most look forward to getting out of this community? Let’s practice starting a thread 🙂
*Thread Reply:* Not new, but I do look forward for best practice and latest updates on migrations, deployment etc.
*Thread Reply:* Gave this a pin too, hashtag visibility
*Thread Reply:* Looking at knowledge sharing and learn best practices when using an MDM solution and MAM solution.
*Thread Reply:* Looking for experience sharing in migrations from EMM to another EMM tool. Any migration tool available to connect EMMs to assess and proceed for migrations.
*Thread Reply:* @Pierre Michaud What you said :-) I guess some kind of pool to share knowledge. Maybe short descriptions of concrete use cases being solved in a nice and clean way (good security - user-friendly balance). But I am not too familiar yet with Slack to know if it can serve as a proper medium.
*Thread Reply:* @Ole Daugaard it's an interesting tool. Arguably a forum would be more suitable to fixed areas with these sorts of things, but we're looking at leveraging the website for roundups and resources, both internally and public
*Thread Reply:* @Jason Bayton Makes good sense. But yeah, everybody I know in like tech-startups are using SLACK, and it feels very easy to jump into and get instant response from someone in your team. I just need to get better at focusing on relevant channels, to not get overwhelmed by information. Which website are you referring to? 🙂
*Thread Reply:* Nice! I was unaware of its existence 🙂
*Thread Reply:* yay for the blog. We’re cracking out a ton of content at blog.eucse.com at the moment, more than happy to cross post if anything is deemed worthy! @Charlie @Joe McDonald
*Thread Reply:* Love that idea @Adam Matthews / @Charlie
*Thread Reply:* I think it shows the power of the network to craft our own, but also shed light on the blogs of others
*Thread Reply:* I absolutely love trying to get those weird and innovative use cases ticked off and blogging about them! Sharing is caring!! 🤟
What does everyone think of creating a generic channel called ‘Security’ ?
Good place to post various articles on mobile device security or other related stuff on IOT etc
*Thread Reply:* Sure, that sounds like a good idea. There's quite a bit of crossover so a place to discuss general security would help.
*Thread Reply:* Ok, I have a nice juicy article to share 😂
Don’t have the permission to create a public channel
*Thread Reply:* I just tried to, but security appears to be taken by someone or something
*Thread Reply:* Private channel names trump newly created public channel names. Womp Womp
*Thread Reply:* Yah with a dodgy underscore on the end :p
*Thread Reply:* poof Underscores, be gone!
*Thread Reply:* Round of applause for the man!
https://www.bloomberg.com/news/articles/2019-02-20/apple-is-said-to-target-combining-iphone-ipad-mac-apps-by-2021 -> Very surprised about this, until recently Apple has been very firm about not wanting to do exactly this...
Brought #security into existence @Jay & @Damian
Should we have a #foldablephones channel too? 😉
What is everyone's thought on the Galaxy Fold?
*Thread Reply:* Super expensive when it breaks!
*Thread Reply:* but that multitasking feature is WOW
Congrats to @Adrian Patrascu for getting the first blog post out on MobilePros.org!
https://mobilepros.org/2019/02/ios-12-2-changes-the-way-emm-enrolments-are-performed/
Head over to #mobilepros_org if you'd like to contribute 🙂
*Thread Reply:* Thank you Jason for your guidance on this article!
#lobby #ios_betas I have experienced an issue with iOS 12.2 beta 3. While creating an email, validating a recipient and while replying to an email, the (native) app is crashing. Anyone experienced the same?
*Thread Reply:* MDM configured account or just any account? (I’m loading beta 3 now)
*Thread Reply:* Hi Mathew, it is an MDM configured account
*Thread Reply:* I left some feedback as part of the beta. Hopefully they see it in time
@Raymond Cuschieri has joined the channel
@here Taking advantage of the MWC in Barcelona, we wanted to offer to see each other for real 🙂 👇
Hi all, new to the Mobile Pros community and thought I'd test it out with a WS1 query. Has anyone ever had any experience with moving AE setup from one OG to another? AE was set up in a child OG instead of the top level (correct me if people don't think this is the best place for DEP and AE to sit) and I want to move it to the top OG but don't want it to break the thousands of devices we have out there in the field
Welcome, @Ajay Patel! I forwarded this query into the #airwatch and #workspaceone channels to help get some traction
Thanks @Woody, I was stupidly clicking the + button instead of clicking the Channels button so I couldn't find any channels! DOH!
LoL - I still do that every now and then. No worries!
Samsung is working on OEMConfig and has developed a single client library for KME + Zero-Touch https://9to5mdm.com/2019/02/samsung-is-working-on-oemconfig-app-common-client-library-for-shared-use-of-kme-and-zero-touch/
Welcome @cv, @Burghardt and @Barbra Conner!
Morning all, looking to get some objective feedback on technical differences between PingOne vs. Okta. If anybody has a view or challenges you may have faced in the past with implementation, would be great to know. Customer looking to integrate with MI Core. Txs in advance.
*Thread Reply:* @Paul Troisi While I can’t say much about Okta or PingOne, I can say that MI’s SSO/SAML integration in Core is weak
*Thread Reply:* It seems to be better with Cloud these days, strangely enough
*Thread Reply:* Yeah - Cloud is getting all the love
*Thread Reply:* I just never understood why they enabled SAML/SSO for Admin/User Portals… but not device enrollment flows. I mean, come on…
*Thread Reply:* I can’t speak for Okta/Ping but mainly SAML with Core. As woody said it was done at a VERY basic level of integration. You must maintain LDAP sync for users provisioning, there are few bugs in the way Core handles the request from the IDP. Even enabled with SAML, standard (local) login is possible when a user doesn’t have permissions on the federated account. This allows IMO to do a privilege escalation, so make sure there are NO local accounts with passwords known by other people than the local super admin account
*Thread Reply:* Txs for your reply @NicolasR
*Thread Reply:* So clearly you recommended Okta, right @Paul Troisi? 😆
*Thread Reply:* That is what I am shooting for, but One's pricing is half the cost of Okta. I am trying to get justification to go that route. But that is proving difficult to come by!
*Thread Reply:* Sadly, with the MI integration it isn’t going to make much difference
*Thread Reply:* However, I would sell on what’s to come after MobileIron
@Ajay Patel just seen your question, when you say “AE” are you referring to “EA” which is Exchange ActiveSync? It's best to configure Profiles/Payloads at the top OG and then leverage Assignment Groups to distribute accordingly.
Hi @EUC_Junkie, no, I was referring to Android Enterprise configuration, which has kindly been answered in the AirWatch channel
Samsung KME disruptions: http://status.samsungknox.com/
@Michał Kacprzak has joined the channel
I've found the Slack Mac App, this could be dangerous for me. I like to chat a bit.....
It's just an electron wrapper around the website by the way 😉 But I use it too as it's handy to see the notifications in the dock.
I'm using Franz (meetfranz.com) so you can chat in different systems from within 1 app
*Thread Reply:* Oh nice! I've been looking at something like this for a while.. But I'd want it on Mobile as well as desktop, and with centralised storage so I can pick up the messages wherever I'm logged in.. But this is coming close!
*Thread Reply:* I've been trying with Matrix and various protocol bridges, and Quassel IRC with Bitlbee for protocol bridging, but both are too clumsy and messy to set up and keep working when protocols change..
*Thread Reply:* I wonder how they do the Whatsapp integration by the way as they're actively blocking any integration with other services.
*Thread Reply:* How is this not just the next iteration of email? LOL
BTW, AirWatch is now #workspace_one (powered by AirWatch LoL)
Hi folks, thanks for the invitation here. To introduce myself, I’m Yoann GINI, CEO of Abelionni, a French-based consulting company doing external CTO/CIO activities for SMBs, and advanced mass management scenarios for all kinds of customers on Apple devices (and Windows too, but only modern, with Autopilot). I also do custom software development for IT needs and reverse engineering on macOS, and I’m a regular speaker at both EU and US Apple admin conferences. This also led me to do consulting services for software editors that want to do things right for distribution (proper packaging on macOS, support of AppConfig, private B2B distribution over VPP, etc.). For us at Abelionni, Device Management comes with Identity Management: for more than a year now, each device management project we have is always linked to a need for identity management (both modern SSO with SAML and lifecycle with automated on/offboarding processes based on HRIS). If I can help in any way, feel free to mention me
*Thread Reply:* Good to see you here Yoann ;-)
*Thread Reply:* French community is growing 😂👍🇫🇷 Bienvenue Yoann 😉
*Thread Reply:* Welcome @ygini, great to have you!
Posting here for want of a better channel...
Does anyone here use TeamViewer for remote support of mobile devices?
*Thread Reply:* Thoughts? Good/Bad/Ugly?
*Thread Reply:* I'd only say try it. I use it casually with the family rather than corporately. It works fine for me on Android
*Thread Reply:* Intune has direct integration into TeamViewer... So would be a nice support flow...
The cost and licensing model seem jenky.
*Thread Reply:* MobileIron the same, haven't seen that actually in use to date though
*Thread Reply:* @Simon Hardy-Bistagne, Intune has the integration but at the relevant licensing and I am not sure it gives a massive benefit. Remoting to a device goes like this: you locate the device in Intune, click "New Remote Assistance Session", which eventually will bring the TeamViewer application into focus with an invitation sent to the device. The frustrating part is on the customer side, where you have to ask them to open Company Portal and check the little notification flag to accept the remote session. Our support team finds it easier to ask the customer to launch QuickSupport and have the TeamViewer ID provided over the phone, entered straight in the Partner ID field of the TeamViewer app. Surely someone out there might prefer the Intune way. Also, while the experience on Android is very good, including remote control, on iOS you are just an observer and that's if you manage to broadcast the screen - we experience massive issues until the TeamViewer option appears in the Screen Broadcast menu (iOS 12, still to find a consistent solution to the problem). Once the TeamViewer option is available in Screen Broadcast, it works okay on following remoting sessions. Lastly, screen capture restrictions affect the app's capability.
*Thread Reply:* TeamViewer integration with MobileIron is fine. I had few customers using it. Some others already used teamviewer before deploying MobileIron
*Thread Reply:* MaaS also has the teamviewer integration... and resell... I see a theme here
I’ve used Bomgar on occasion for iOS. That’s it.
@Thomas van Schie has joined the channel
Has anyone heard anything more concrete about this apparently very serious Chrome vulnerability? This post from a Chrome developer is gaining traction in mainstream media: https://twitter.com/justinschuh/status/1103087046661267456
I wonder if this is just CVE-2019-5786 (fixed in 72.0.3626.121 - current stable) or something as of yet unknown? https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
@Hans Kraaijeveld has joined the channel
@Daadi Rajesh Babu has joined the channel
Has anyone tried the new OEMconfig app from Samsung; Knox Service Plugin? I'm wondering if/when they will include the rest of their API's - They seem to have focused a lot on DeX.
Hey @Woody saw this earlier on LinkedIn 😉 https://www.forbes.com/sites/stephenmcbride1/2019/02/08/this-small-tech-stock-has-100-million-customers-and-i-bet-you-havent-heard-of-it/#446e54ad2070
*Thread Reply:* Ha.. now where did I put my investment site login details 😉
@Sébastien Debaille has joined the channel
Hello everyone, it would be really helpful if anyone can share the low-level diagram for the Citrix XenMobile on-premises and cloud topology
anyone know how to create a label from a csv?
Create an AD group. Add members from the csv file using a script. Add Group to Core and create a label...
why does mobileiron force the limit adult content when i just want to block one url?
*Thread Reply:* They are limited by the iOS management APIs which either let you block sites by their tag as "Adult Content" (which is rather arbitrary) and then blacklist specific URLs in addition to that.
I believe the autofilter boolean must be set to True (which automatically either limits adult content or blocks everything and only allows whitelisted URLs) for the blacklist to work. It is the same way if run in Apple Configurator - the blacklist only appears if "Limit Adult Content" is set
ICYMI: https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/
https://arstechnica.com/gadgets/2019/03/the-galaxy-s10s-face-unlock-fooled-by-pictures-siblings/ Not surprised... It's a shame they dropped the iris scanner. Though I never use it much, I'm always a bit worried about the effect of so much IR light in my eyes 🤩
*Thread Reply:* We've been in discussions with Samsung and they say that they encourage users to use the onscreen fingerprint reader. Of course you cannot restrict users from using Facial Recognition unless you use KME. My company's Risk department has a big problem with this security flaw and Samsung doesn't seem to be "getting it" or taking it seriously for some reason
just received my S10+ for testing purposes! lets see what this bad boy can do
any suggestions on how to find all the channels in this overall workspace?
Click on Channels: it will list all available channels
what MDM’s / UEM’s support management of Linux machines? I believe WS One does, MaaS360 doesn’t but i’ve been told BigFix does. Any with experience able to shed some light on what are some of the fundamental requirements for machining a Linux machine?
WS One doesn't.. It's quite complex anyway due to the differences between distributions. Each distribution is like its own OS. We have a bit of everything in our organisation. We've been looking at it but it's a very difficult topic to tackle and no great out of the box solutions that I could see.
I can’t speak to what distributions are supported in SOTI but here is their brochure
and for what its worth, I did successfully enroll a Raspberry Pi last year
I looked at Centrify also for integration with AD/Azure AD logins. But it's very expensive.
@Bartosz Leoszewski has joined the channel
@Michal Koziel has joined the channel
Welcome @Bartosz Leoszewski, @Michal Koziel @Kyle Johnson. @Mitt and @Batish!
Sharing @Jason Bayton’s tips/tricks for our newcomers 😀
This link is for the Android partner summit 2019 slides. If you want to see what they will be discussing
*Thread Reply:* Thanks, super useful!
Hi all and thanks to @Jason Bayton for info about this community.
Happy Saint Patrick’s Day to all! ☘️
*Thread Reply:* How very dare you 😂 :flag_wales:
*Thread Reply:* Ah 2009. When blackberry was relevant.
😋
*Thread Reply:* I have the same one along with certified server specialist and solution designer! Domino or Exchange? 😝
This: http://iosbrain.com/blog/2018/07/05/new-in-ios-12-implementing-provisional-authorization-for-quiet-notifications-in-swift/ is cool
*Thread Reply:* Agree! It’s super useful when they actually do implement. Few and far in between though
*Thread Reply:* Great! Threading this to avoid blowing up lobby notifications for everyone 😁
*Thread Reply:* There are a litany of channels for specific topics. Such as #mobileiron #workspaceone #microsoftintune, etc
*Thread Reply:* Ok thank you. I will look at the channels
@Alexander Weinert has joined the channel
@Konstantinos Leivadaros has joined the channel
Hi All, Is there a way to disable admin account if they have logged in for a certain period of time in Airwatch
*Thread Reply:* @Ash Not at this stage. However, this can be achieved using PowerShell and REST API scripting.
*Thread Reply:*
```powershell
# Prompt for the server name and the API account credentials
$url = Read-Host -Prompt 'Input your server name'
$urlMethod = 'Get'
$username = Read-Host -Prompt 'Enter the API username'
$password = Read-Host -Prompt 'Enter the API Password'
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, ($password | ConvertTo-SecureString -AsPlainText -Force)
$contentTypeHeader = 'application/json'

# Build the request headers: tenant API key and API version
$apiKey = Read-Host -Prompt 'Enter the API Key'
$acceptHeader = 'application/json;version=2'
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('aw-tenant-code', $apiKey)
$headers.Add('Accept', $acceptHeader)

# Query the admin search endpoint
$ws1admins = Invoke-RestMethod "https://$url/api/system/admins/search" -Headers $headers -Credential $cred -Method $urlMethod -ContentType $contentTypeHeader
```
*Thread Reply:* This is the basic script to retrieve all admin users
https://www.helpnetsecurity.com/2019/03/20/imap-based-password-spraying/
*Thread Reply:* Yes I heard.. We already checked, luckily we have no IMAP accounts.
*Thread Reply:* IMAP on clients that do not support Modern Auth (and MFA) = Bad. Anyone know of a way to allow only certain IMAP clients to access in GMail/O365?
*Thread Reply:* In G-Suite, IMAP is used in two ways:
*Thread Reply:* Thanks @NicolasR - I had been peeking around inside my personal tenant, but hadn’t yet come across the Google Sync entry
Any appetite for a buy&sell channel? I've an absolute tonne of stuff to get shot of, phones, computers, components...
Cool, done #buysellswap
@Roland Stadlmeier has joined the channel
Should we consider disabling the @ here and @ channel tags? This is starting to become a large group
If they're used carefully I don't think it's a bad thing.. (PS: This is more a topic for #meta I think)
*Thread Reply:* oops, couldn’t find a general so figured this was best
*Thread Reply:* No worries, I was just saying for future reference.
If I see more complaints we’ll definitely consider it
*Thread Reply:* I’ve been pinged a few times for things that really don’t need a tag. Will keep an eye out for now
To all the mobility experts in this group, I have a prospect that is asking about comparison of proprietary PIM containers. Looking for objective feedback for containers that may include, but not limited to, Email+ (MI), Boxer (WS1), etc. No answer is frowned about and am looking for honest feedback I can discuss with the prospect. Do you have a thought????
*Thread Reply:* Don't forget Microsoft MAM-WE (mobile application management without enrollment). I know a little about many of them, but not a lot of depth.
*Thread Reply:* MaaS360 Secure Container is also an option
*Thread Reply:* Blackberry Works was working pretty fine the last time I used it...
*Thread Reply:* I like MAM-WE that Andrew mentioned. MS Outlook does the job well and protects its data. We don't use any others even though we have WS1 we never used Boxer as it's just another dependency 🙂 We like to keep things simple.
*Thread Reply:* Generically, remember that with any container the limiting factor is the container software. What I mean by that is that the only software that will be "in the container" is the software that includes the container software built in.
*Thread Reply:* This isn't an issue if you only care about email.
*Thread Reply:* but if you want to allow things like "take an attachment from email, and let them post it to slack, but don't let it outside the container" it becomes problematic.
*Thread Reply:* So understanding the use cases of the devices is paramount.
*Thread Reply:* Yes if you need to do that it would be better to go full work profile and just only allow apps in it that you want to share things to
*Thread Reply:* Thank you everyone for chiming in. The prospect is primarily looking at usability of a fully-functioning PIM solution. I know some have limitations around notification services, DLP controls, etc. From a usability perspective, anybody have an opinion in terms of ease of use, capabilities and/or gotchas with the solution? What about traction with apps like Outlook or Nine Work vs. proprietary UEM containers?
*Thread Reply:* I can only speak to MaaS360, but we have a full fledged PIM product. We put a lot of focus in our container so we're always expanding around it, but we support all advance EWS functions (native doesn't offer this) like calendar attachments, delegation, availability, notifications, etc. We also support a native like experience to make it easy. Everything from cert auth, MFA, S/MIME is also all supported. On top of that, we offer a slew of DLP controls via policy that can be customized.
*Thread Reply:* Make sure that you're also evaluating document handling. Email is fine, but if I can't open the word attachment sent to me, it'll be a non-starter. I suspect most of them do well enough, but you'll want to be sure.
*Thread Reply:* Agreed Andy! Thank you for your insight Jesus.
*Thread Reply:* BlackBerry Work is a really solid secure container solution - I’ve been using and managing it for around 5 yrs now and it comes from the leader in security. BlackBerry also provides their own native Notes and Tasks amongst other apps and auth is transparent via KCD.
*Thread Reply:* Let me know if you have any other questions !
*Thread Reply:* There are several good PIM MAM Solutions out there. But when it comes functions like SMIME, AIP/RMS, Document view and edit, Kerberos, SAML/OAuth, MultiOS things get complicated. So what are the use cases and technologies the customer wants to use now and in future?
*Thread Reply:* You could also check SecurePIM
*Thread Reply:* We're about to test Intune MAM here. We're being asked by the security audit team what specific anti-malware protocols are put in place by Intune. We've asked Microsoft but they are essentially sales reps and are giving us a very vague answer. Does anyone know any specific malware functions that are utilized by Intune MAM?
*Thread Reply:* I posted in the general thread, but Intune MAM has no anti-malware capabilities. They partner with companies like mine (Lookout) to provide that.
*Thread Reply:* there is only jailbreak/root detection in Intune, but I don't know how good it is
*Thread Reply:* Are you only interested in PIM containers or data protection solutions such as SecureContact X Business (https://itunes.apple.com/de/app/securecontact-x-business/id1450074955?mt=8) or GALConnect (Android only)?
Interesting new article by @Jack Madden (includes nice mention of my product) - discuss: https://www.brianmadden.com/opinion/Does-unified-endpoint-management-need-user-environment-management
*Thread Reply:* I never thought much about UEM (User Environment Management) in this context. But I think Jack’s proposal to expose the entirety of settings for the iOS Settings App within AppConfig, for supervised devices, is brilliant. That would set a new standard for centralized configurability and control for organizations that need it.
*Thread Reply:* Thanks, @aaron. I’m sure AppConfig for Settings could get a lot of enthusiasm in this forum. Curious to hear what everybody thinks.
*Thread Reply:* This is brilliant. Who do we need to call to get this started?
*Thread Reply:* Interesting, thanks! I'll have a look
Any one had all the Custom XML for TC51 - AirWatch Resource
@Christian Märkel has joined the channel
Hi, can en manage the Panasonic tough book with Airwatch, ?
*Thread Reply:* Android and Windows 10 Panasonic Tough books can be managed by AirWatch (Now called Workspace ONE UEM) you can join #workspace_one as well
@Ankit Mishra you might want to post your question in the #workspace_one channel and post the OS of the device
Curious what the mobile-focused people on this channel made of the "Bezos' phone hacked by Saudis" reports. As someone who has been selling mobile security solutions for years, I'm all too familiar with the response, "show me an example of a breach coming from mobile." - well, as you might imagine, I've been reaching out to a bunch of those folks over the last few days...
*Thread Reply:* I think the story would be more interesting if it had actual detail to back it up. The way it is now it just sounds like an excuse.
*Thread Reply:* Hacking is a glamorous term for not so glamorous methods. I bet they used some social engineering to get to them. Just speculation.
*Thread Reply:* Any idea if he has an iPhone or an Android?
*Thread Reply:* Due to Amazon's long standing relationship with and embedded use of Android OS, I'd be a little surprised if he didn't have something like a Samsung S10 - but can't say for sure. He could be holding on to an Amazon Fire phone...but not likely!
@channel great read here (not just for MobileIron customers) - Microsoft's power play - Office 365 - https://www.mobileiron.com/en/blog/Microsofts-power-play
*Thread Reply:* Probably don’t ping 700 people to read an article…
Hi everyone! I'm wondering why people don't seem to use threads here very much. Is this a training opportunity or just the culture here?
If you are responding directly to a conversation you should always use a thread otherwise the content overall in this channel is just a jumbled mess. Anyway, that's my 2 cent contribution for the day. 😉
*Thread Reply:* For my experience, this community uses threads more than some of the other Slack boards I’m on. I imagine it’s a function of how busy the channels are. For low-traffic channels, threads can be harder to manage. For high-traffic channels, threads are clearly better, even if they are just a little more difficult to use. I don’t think Slack has really integrated threads into the experience, not yet at least.
*Thread Reply:* I know @Woody loves talking about threads :)
*Thread Reply:* All I’ll say is that I agree and as @aaron said, we’re getting there! It’s just a matter of being cognizant that a conversation will be lengthy and responding in a thread should be done from the get-go.
*Thread Reply:* I’m a big thread fan to keep the conversations organized
@Karim van Uggelen has joined the channel
@Stanislav Vinogradskiy has joined the channel
Hello everybody, I am happy to be part of this slack. Is there a group in which I can name an app for a Secure Contacts container to get feedback on what you think about it ?
Saw this post on Linkedin (thank you @aaron for commenting on it). Really interesting insights into scaling management of a specific OS throughout a global user base and having to deal with numerous obstacles in doing so. https://eng.uber.com/scaling-mobile-device-management-at-uber/
*Thread Reply:* What I’m most curious about is how Erik Gomez gets corporate leadership to back his brilliant ideas. He did equally incredible work at Pinterest.
Anyone working with MaaS360 hitting headaches with DO mode enrollments preparing for API Deprecation? Things like MaaS360 pinning the M360 app, prompting enrollment, but if the device is rebooted, M360 app is just in the catalog, user has no reason to complete enrollment
*Thread Reply:* Justin, I’ve copied your post to the #maas360 channel. 👍
Curious - Anyone played around with Palo Alto Aperture?
Congrats @Jason Bayton https://bayton.org/2019/04/im-joining-social-mobile-as-head-of-android-enterprise/
*Thread Reply:* Nice one - good luck in the new role!
@Philipp Kabelka has joined the channel
@Jacques Aing has joined the channel
Any one idea on Tagging a device on completion of product Status on device end - So Tag can be used to move the device to move to next level of OS Upgrade - in AirWatch
*Thread Reply:* This feels more like something you would want to do with a Compliance Rule. What is your scenario?
Hmm you can make a custom attribute and then deploy the next product based on the return value @Sanghavi
Unfortunately you can't create a tag based on custom attributes. Big feature gap imo. But you can use it for the old style products
Any recommendation on shorter online/live online/on demand project management courses? Should be aimed on IT consultants/architects, I'm not going to be a dedicated PM. I find myself leading many smaller projects and would like to get better "tools" to deal with it! 🙂
Congrats @Jack Madden on the AE Newsletter feature!
*Thread Reply:* Thanks! Though I have to admit that I’m not quite sure which newsletter you’re referring to 🙂
*Thread Reply:* The Android Enterprise Partner Newsletter for April featured a link directly to your article about the enterprise specific features of Android Q
*Thread Reply:* Oh cool! Thanks for sharing!
Any Help on TC-51 from M2O upgrade using AW With Run Intent / Custom
@Scott Borcherdt has joined the channel
@pihlapuro has joined the channel
@Kimmo Summanen has joined the channel
@Stefan Feicke has joined the channel
@Dominik Schmid has joined the channel
@Brandon Nesbitt has joined the channel
@Marko Koponen has joined the channel
Hi to all. I have one question about remote management of Android devices. Workspace ONE Advanced Remote Management is currently supported for Android (Legacy, Managed Device, IOS and Windows CE\Mobile). My question is which tool are you using for remote management of Android Work Profile devices, and is it possible to see both the personal and workspace part or just personal?
*Thread Reply:* With Work profile, you are only allowed to allow applications that are on the public or private Google Play store. Google has a habit of denying applications that use remote control APIs to be published to the play store. I’d be interested to know if anyone has found one that is still up.
@Daniele Crippa has joined the channel
@Timothy D has joined the channel
Hey Mobile Pros, question for Android Enterprise and Private Apps. If you have uploaded a Private App to the Play Store with an MDM with AE enabled, has that package name now been consumed forever? I have uploaded an app to a dev environment then deleted it and believe I won't be able to use the said app in the production environment (separate AE config). Do I have any other options outside of speaking to the developer to change the package name? KB Article: https://support.google.com/googleplay/work/answer/9146439
*Thread Reply:* Hi, the only way to upload the private app in the production environment is to change the package name. I can confirm this because we had the official answer from Google on this issue.
*Thread Reply:* you can transfer the app from the dev to the production account: https://support.google.com/googleplay/android-developer/answer/6230247?hl=en
*Thread Reply:* Package names can only be used once, and private apps can't be made public by design, interesting to hear if they'll do a transfer but I wouldn't count on it
*Thread Reply:* so can we anticipate a future market of package name selling from folks that reserve package names with placeholder dummy apps for themselves?
*Thread Reply:* I wouldn't count on it. They don't much matter in the grand scheme of things.
*Thread Reply:* Thanks for the reply guys! Will need to change the package name 😞
@Thiemo Scherle has joined the channel
@Pradeep Purohit has joined the channel
@Poornima Devendra has joined the channel
@Sebastian Randig has joined the channel
Has anyone seen a workaround to the CarPlay joining WebEx calls issues? @PhilR
Hi Tom - I haven’t but, have you tried joining the WebEx and then connecting to Carplay?
Just moving this here from AE channel as its a different point. So many of us will have now seen the news are Google's decision to restrict Android licences to Huawei but here is another thought: https://twitter.com/fjeronimo/status/1130361433798189061
*Thread Reply:* The thing is I doubt this a decision Google want to make. Despite their power they still have to abide by the laws of the US and their hand has been forced by the Trump administration when they added Huawei to a list of companies that American firms cannot trade with unless they have a licence.
*Thread Reply:* Oh I totally agree it's not a Google decision and ultimately not one that they would have wanted at all. The outcome could impact their business as well in the long run.
Good to see @David Coleman on here. How's life at Google?
*Thread Reply:* Hi @Andrew Montague I am good... Trying to take it all in. How are you?
*Thread Reply:* Nothing much has changed at the moment, still working hard on getting deployments out of the door!
Just here, and created a new channel Knox_Manage
that’d be a private channel Bob. If you delete it out I’ll create a public version
So to follow up on @Mark Vonk's post in #conferences - who is attending the London Android Summit this week? Looking to arrange a meetup on the Wednesday lunch time!
https://www.blog.google/products/hardware/glass-enterprise-edition-2/
*Thread Reply:* I asked guys at Google for one
They responded "not before us!"
@Juan Olivares Jr. has joined the channel
@Roberto Arredondo has joined the channel
I've always been curious about projects to manage fleets of AR headsets with MDM.
*Thread Reply:* Walmart just did a huge rollout with this, they use it for training.
Best folks in the biz for managing AR with MDM are the guys over at 42Gears
*Thread Reply:* https://www.42gears.com/ they're a partner of ours, we have a few Android-centric clients that utilize their SureMDM, they're doing pretty crazy things in the Android space too, that I don't see any other MDMs having. They talked to us a bit about the VR deployment and are pretty jazzed about where VR is going in the enterprise - I'm sure they'd be happy to chat
@Brett Collacott has joined the channel
Any help on ADB Logcat cmd on device boot and reboot sequence of the device
Capturing the events for the device on boot-up
Use LiveBoot - turn off root detection before using.
Hi everyone. If you have Airwatch related queries feel free to let me know and I will do my best to help.
What’s AirWatch?
*Thread Reply:* To be honest I am struggling with the continuous VMware product name changes as well. AirWatch Browser -> VMware Browser -> WorkspaceONE Browser etc. Even VMware still use AirWatch in some of their presentations instead of WSO UEM. I heard “AirWatch” a lot of times during this year’s VMware Empower 🙂
*Thread Reply:* I can’t let it go and start calling it with a new name. It took me ages to stop using “android for work” 😁
*Thread Reply:* especially when you can still enroll with AFW#….
*Thread Reply:* took me a second to realise why I can’t find a channel for AirWatch :face_palm:
*Thread Reply:* You forgot Web - Workspace 1
*Thread Reply:* I especially don't like the name change because it's confusing for users. AirWatch was a common name that everyone knew. VMware is associated with other stuff and "Workspace One" has absolutely no meaning to people.
Let alone "Intelligent Hub" that is so much less descriptive than Airwatch Agent and confuses the hell out of people who download the WS1 app instead 🙄
/poll “Where are you from? Please participate.” “Americas” “Europe” “Asia” “Africa” “Australia”
@Julien Deroche has joined the channel
I've been asked to report on BYOD, COPE, COBO and all the relevant security, management, cost and user considerations for our organisation (all policy is going back to the drawing board). Google yields plenty of results for data but does anyone have a special resource for this at all? Like an industry whitepaper?
*Thread Reply:* Head to https://academy.exceedlms.com/student/catalog, there you will find solid explanation of AE. Should be a good start. I would work backwards from the business requirements as it will greatly influence your choice of EMM and Management Modes.
*Thread Reply:* https://insights.samsung.com/2018/05/09/byod-cyod-cope-cobo-what-do-they-really-mean/
*Thread Reply:* Thanks guys! I found some great industry white papers as well in case anyone needs them:
https://www.telstra.com.au/business-enterprise/campaigns/workforce-mobility-whitepaper
https://www.samsung.com/us/business/short-form/maximizing-mobile-value/
@Mitch Teichman has joined the channel
@Mohamed Mouline has joined the channel
@Mashab Anwar has joined the channel
Random one but has anyone come across or used ScaleFusion?
@Jay I have under their old moniker of MobiLock Pro
Was a "me too" small time MDM a few years ago
ScaleFusion is a more impressive name.
Ok interesting.. just had them reach out and I hadn't heard of them so wondered where their customer base was? I see they cover usual OS support.
They’re out in India indeed, I believe they’re hanging around in here somewhere too.
@Petter Österling has joined the channel
@Jeremy Gould has joined the channel
Obligatory welcome to new faces! As always you’ll see very little when you first join, please check out the channels for interest-based content, such as #apple #workspaceone #androidenterprise and more. Channels are available on the left-hand side
*Thread Reply:* Wowo, I didn’t know that “browse all channels” was a thing—will definitely be useful!
@Adam Stephenson has joined the channel
@Anthony Ridley has joined the channel
@Simon Thomas NZ has joined the channel
@Martin Anroechte has joined the channel
@Keith Metzger has joined the channel
@Brian Irish has joined the channel
@Gerardo Rangel has joined the channel
@Guillermo Porcaro has joined the channel
@Nefertiti Stanford has joined the channel
@Daniel Milholland has joined the channel
@Margaret Radford has joined the channel
@Bhaskar Chandra has joined the channel
KME / Zero Touch question, Any way to enable WiFi if the device has a sim in, I know I can take the sim out but it seems daft to use mobile data when WiFi is available?
*Thread Reply:* @David I just want to confirm are you using Samsung KME or looking to use Android zero touch. Want to confirm platform for zero touch that is being used and can you confirm the devices
*Thread Reply:* Hi Michael, it's KME on Samsung devices but I know they have integrated the libraries.
*Thread Reply:* Thanks, hang tight, let me pull out a Samsung device to look at and test really quick
*Thread Reply:* Yeah normally going via data requires an explicit tap and WiFi should be offered
*Thread Reply:* Also please don’t ping the same message across multiple channels. This would be best placed in #android_enterprise for future ref
*Thread Reply:* @Michael Goad Will have to try again tomorrow, Thanks for your help
*Thread Reply:* @Jason Bayton sorry just getting my head around slack not even sure how to find different channels yet
*Thread Reply:* So on my S8 with P I click Go, then agree to the license agreement then it says checking details then show the setup your device screen and EMM client. I can't see anywhere to select a WiFi network and can't swipe down to reveal settings during this process, when does the WiFi screen show up for you?
*Thread Reply:* Remove it from KME/configure and try again?
*Thread Reply:* Really odd, I just don't get that screen, will reset and try again, thanks for the video
*Thread Reply:* Still the same, can only get WiFi page during setup if I remove the sim or the KME profile, might have to escalate, thanks for all the help
*Thread Reply:* Finally got a response from the KC team "So the flow you are seeing is expected behaviour on all P devices. There is a change coming for DO-enrollments in KCS 1.23 where there will be a LTE warning screen that will ask the user if they want to connect to wifi or continue with LTE. This will be only for DO-enrollments for now."
@Marvin Martin has joined the channel
@Timothy Byler has joined the channel
@Zachary Shanholtz has joined the channel
@Paddy Baxter has joined the channel
@Andrew Dawson has joined the channel
@Daniil Michine has joined the channel
@David Washburn has joined the channel
@Jean-Charles Godard has joined the channel
@Pierre Laurier has joined the channel
@Nathan Pastor-Lutzo has joined the channel
@Celestino Cortés Bustos has joined the channel
@Christopher Saulino has joined the channel
Looking for any ideas to support my helpdesk. Can't buy them all devices, what do you guys use? Remote viewers, emulators?
*Thread Reply:* @David F, not sure if this is what you are looking for but SOTI offers a helpdesk solution that's integrated with our EMM solution. Help desk agents can remote control Android, Windows, Mac, and Linux devices and remote view iOS devices from within a help desk ticket. If you want more information, let me know.
*Thread Reply:* @Suneil Does SOTI work with ServiceNow?
*Thread Reply:* @Justin Parlette, it does not have out of the box integration with ServiceNow yet. However, we are publishing Public REST APIs in a version to be released this Fall.
@David F we did regular shadow sessions with help desk SME/Leads. Worked with them to create questionnaires/templates. This is an ongoing process which is constantly reviewed. They also build their knowledge base/handbook noting down all possible scenarios. They then trickle down the knowledge to the junior team. Our 1st line haven’t even got remote access, only the 2nd line.
for win10 devices they use Skype for business as a “remote tool”
having regular training/shadow sessions and having a good comms channel is the key
@David F We use OpenSTF for Android devices, I can really recommend it. It's amazing and free. https://openstf.io/ . It connects over USB (ADB) to the devices so you can even disconnect them from WiFi to test out different connections, and it'll keep working.
Unfortunately for iOS it's not as easy... They generally just use documentation. For us the L1 don't get hands-on experience anyway, they're just scripted 🙂 The L2 guys have their own devices also I believe.
@Anthony Tedesco has joined the channel
in case anyone cares I think I just stumbled upon a Farmer-facing MDM solution: http://dealercrops.com/Plans
this is wild haha
Curious - Is there anyone using GSuite that’s ever needed to access an account for a term’d employee without re-activating all the network accounts? Something like a back-door into your Google tenant to sign-in with that account separate of your IdP, etc?
*Thread Reply:* You should be able to do that from the Google admin console. Just reactivate the service (which will reactivate that as a billable account) and manually change password
*Thread Reply:* @Matthew Shaver I follow the re-activation bit, but how would I access the acct without being redirected to SSO for our org?
*Thread Reply:* I would create an exception in the SSO settings for that user (since you’ve changed the password and they’re deactivated anyhow, no harm in this that I can think of). Are you using the Google native SSO or a third party identity manager? If it’s via Google you should be able to get in as the user once the password is reset. Third party I guess it will depend on the feature set
@John Zmyslowski has joined the channel
@Shaelyce Allen-Williams has joined the channel
@Philippe Tétreault has joined the channel
@Craig J. Johnston has joined the channel
Is...uh...😅 is anyone @here using BES12?
*Thread Reply:* BES is still a thing? 😮
I'm afraid not sorry.
*Thread Reply:* i still have a lab environment we have a few banks/law firms using it
*Thread Reply:* Gov contract opportunity (that I don't want anything to do with) and I'm trying to figure out why BES12 is #1 on their Want list
*Thread Reply:* BES12's strength resides in their secure applications, previously named Good Technology. Their PIM Client was one of the best in terms of security a few years ago.
*Thread Reply:* if they are looking to leverage BlackBerry dynamics and their container then there is a potential argument here that it is one of the strongest/secured containers with more functionality than the likes of WS1 Boxer for example
*Thread Reply:* Installed a few BES12 last year, I had to read their security white paper 🙂
*Thread Reply:* i still have a slight love for BlackBerry deep down 🙈
*Thread Reply:* Those keyboards - I could type blind folded on my old BB 8700
*Thread Reply:* @Ajay Patel encrypted containerization is high on their requirement list - do you have any reading materials or point me in the right direction on how BES differs from WS1 / MI ?
*Thread Reply:* Working on it every day ;) but as mentioned by @JmB the secured containers are the best in securing the data for BYOD and other methods. I know some governments are forced to use the secured containers, which were formerly known as Good Technology before it was acquired by BlackBerry. It is now called BlackBerry Dynamics
*Thread Reply:* It is still valid. This version is only missing the feature direct connect where you can bypass the noc.
*Thread Reply:* also one of the very few that stands by their On-Prem deployments with cloud being second best (although feature parity has greatly caught up and is typically only 1 release or so behind)
*Thread Reply:* I assume they mean BUEM 12. It is still being used, primarily by former BES customers and customers with high security needs. For instance, lightout installation (no internet connection) and BUEM can be set up without any incoming connections using the still relevant BlackBerry infrastructure.
*Thread Reply:* ya'll are the best - thank you!
*Thread Reply:* Blackberry is really just Good Mobile with new sheets on top 😉
*Thread Reply:* GoodBerry as people refer to it nowadays haha
*Thread Reply:* I always wanted to start an MDM of my own and just call it "Better"
Are there any Samsung (Manage, KME, Configure, EFOTA) channels?
Well, I can't create public channels, only private. Which I did and now can't delete the private channel 😅 looks like the permissions are somewhat off..
*Thread Reply:* invite me into it and I’ll bin it off 👍
Oh that's strange, maybe @Jason Bayton can help? I think the rights have changed - I created the #macos channel before but now I can also only create private ones.
Yeah had to restrict as we’re a lot of people and loads of nonsense channels were showing up 🙂 PM me the channel you want to create and in future requests can be made in #meta
*Thread Reply:* Posted it in #meta
Channel #samsungknox is now created, where you can discuss every Knox related product like KME, Knox Manage, Knox Configure and E-FOTA. Also the EOL product Knox Premium (SDS)
@Ville Raassina has joined the channel
@David Greetham has joined the channel
Welcome, Newcomers! @Ville Raassina, @Victor and @David Greetham
We're teetering very close to 1k members. That's madness
@Sunith Mandalia has joined the channel
Thank you for setting up this great resource!
@Bill wins best avatar award
Hello everyone ... newbie here. Thanks to Matt Shaver for the info about this community.
Welcome @Ray Domingue, @Sunith Mandalia and @Bill 👋
AND! @M Awad, @Marc Lipscombe and @Steven Benton. Feel free to give us a brief intro about yourselves if you like. #sidebar is a great place, if you don’t care for such a large audience 🙂
@Michael Troelstrup has joined the channel
A warm welcome to @Michael Troelstrup, @Ted Wilson, @Chris Leduc and @Ira Grossman 👋
@Torben Volkmann has joined the channel
@Chetan Thakker has joined the channel
@Christoffer ST has joined the channel
@Johnathan Campos has joined the channel
@Josh Thompson has joined the channel
@EUC Jedi Master has joined the channel
*Thread Reply:* We have a Jedi amongst us 😁, welcome Tu
*Thread Reply:* Working on it @Jason Bayton! Been pretty slammed the past couple weeks. Oh, and 4th/Final kiddo due tomorrow… so #HoneyDo list is at an all-time high
*Thread Reply:* Oh dude 😁 congrats in advance!
*Thread Reply:* Thx @Jason Bayton! All is well. I’ll get some visuals in #sidebar a little later on
*Thread Reply:* Congrats @Woody! I like how you said Final lol
@Simon Buckley has joined the channel
@Mr.Anderson has joined the channel
@Daniel Vodrážka has joined the channel
@Jeremy Malone has joined the channel
@Philip Rinehart has joined the channel
@Nicolas SEVERE has joined the channel
For all the Americanos in here, have a great holiday! Thanks everyone for their help and input!
*Thread Reply:* I guess that this is something you didn't want to post here 🙂
Who is using some kind of Phone/Tablet recording stand to record manual steps on the device? Where can I buy one?
*Thread Reply:* Hi Marc, for Android devices I use Vysor, it's a great tool for mirroring & controlling the mobile device connected to your PC. For recording purposes you need to buy a premium account: https://www.vysor.io/, but for screen sharing options you can use the free version, with ads every 30 minutes or so.
*Thread Reply:* That's a software solution, we sometimes need a real stand. Something like this but more stable/better. https://www.amazon.com/Overhead-Adjustable-Recording-Photography-Broadcast/dp/B07QS412P1
*Thread Reply:* I just use something to prop up a phone and sit the other under it, nothing fancy 😉
*Thread Reply:* For $17 I don’t think you can go wrong with that stand you posted Marc.
@Vlastimil Turzík has joined the channel
@Ondrej Zerzanek has joined the channel
Hi all! I’m guessing there was a conference and our forum was mentioned?
*Thread Reply:* I talk about it on all my webinars these days.
@Conradin Candrian has joined the channel
@Ashish Gujarathi has joined the channel
this is for on-prem AirWatch and iOS 13 - https://kb.vmware.com/s/article/74668
*Thread Reply:* You may want to move this to #workspace_one for that specific platform.
@here Hello guys, any idea on how to synchronize all professional phone numbers with an EMM without a mail profile? All the numbers are stored on the Active Directory but users are using 4 different mail services (GSUITE, O365, Exchange & Domino) so that is the reason why we can't leverage a Mail profile for users info sync. Any idea? Maybe a 3rd App?
*Thread Reply:* Which EMM? The Workspace ONE app can be configured with the 'People' function which acts like a GAL of users from your AD and includes phone numbers, email addresses, address, manager and org details.
*Thread Reply:* arf, we work on MobileIron Core 😞
*Thread Reply:* Sorry to hear that! 😄
*Thread Reply:* Maybe a 3rd party app if it's not a feature of MI?
Haven't gone down this route but I have been meaning to see if a CardDAV server and profile can do this
Or if you have all Contacts in the exchange GAL there are apps for syncing this
Any one here a customer or pre-customer of VMware and in the Pacific Northwest that would be interested in attending an EUC user meetup, direct message me. It will be for the EUC space and not specific to just mobile.
👋 Hi everyone ! Woaw that’s a lot of channels and topics to catch up :beerparrot:
Welcome aboard @Yann ! Lots of great information here to sort through 😀
@Paulius Mantulovas has joined the channel
@Sherry Conger has joined the channel
@Sharkey never calm. That's why Shark is in his name
Hi @Yann, great to see you here. Folks, Yann is my partner and we co-founded both Mobinergy (Enterprise Mobility Services Company) and H2G (iOS and Android dev company) and its biggest solution is called Exodus, you might have heard about it by now but Exodus is by far the best solution out there to help organizations migrate devices from one EMM to another EMM. Check it out, still a few EMM to onboard but the whole process is priceless and that’s what makes it an awesome solution. Check out release 1.5 which onboards Intune.
We’re pleased to announce a new release of Exodus 1.5.0 (2019/09/17) which includes what we were working on over the summer: Adding Intune to our portfolio of supported EMM
Public website has been updated to reflect this new addition. Https://docs.exodus.tools
This release includes:
- Microsoft Intune as Source
- New Tokens Allocation
Now that we provide more flexibility within a Migration, it makes sense to do the same for Tokens allocation. Tokens are now allocated at the Device level: a Token is reserved only when a device initiates its migration. No more limitation in the number of concomitant Migrations due to your Token Pool.
- Extras
  • Improved Android Enterprise scenario: Work Profile to Work Profile migration process to mitigate AE containerisation.
Public documentation has been updated accordingly and you can find this changelog on What’s New: https://docs.exodus.tools/changelog/#exodus-150-20190917
Get your own trial here https://h2glab.typeform.com/to/f9Sfrz
Have fun @Camilo Lotero @Morgan @NicolasR @Jason Bayton @Damian @Sébastien Debaille @ygini @Damian @Daniel Harris @Charlie @Sharkey @Maxime Crouzet @Bhavesh @Christian Bell @Jack Madden @jnegron @Joe McDonald @Karim Driss @Karl Seaton @Woody
*Thread Reply:* I’d love to learn more about this—let’s connect for a briefing. I’m at jmadden@techtarget.com. I’ll also throw a mention in our Friday Notebook tomorrow.
Hi everyone and thanks @Thibaut Bellon for the invite. Working on a Migration tool is cool as we have to get our hands dirty with all the UEM/OS and make sure the experience is great for both the end-users and the admins whatever the migration scenario. Feel free to DM me if you want to discuss.
Guys when you can migrate fully managed Android Enterprise devices without a wipe you’ll have my full attention 😄
*Thread Reply:* Would be great for Enterprise-Grade devices, but it would be fairly scary if it was made available to consumer grade devices.
*Thread Reply:* this 1000 times. We have to go fully managed and I am not making any friends saying we have to factory reset and oh, by the way you can't, cloud backup.
*Thread Reply:* I've heard rumors EMM providers working on ways to go from DA to DO without a wipe...
*Thread Reply:* Honeywell provided us with a solution to move from DA to DO. It involved 16 or so steps and 2 reboots. Risk of bricking the devices was too high.
*Thread Reply:* you can do it via ADB, but you shouldn’t do it via ADB. Bad things may happen
*Thread Reply:* The only people who would be able to do this are device vendors themselves. No 3rd party would have access to the low level stuff.
*Thread Reply:* ADB is not an option for a remote device. But i remember looking into it. Again with the help of the vendor.
*Thread Reply:* Adb over ip is a thing. Honeywell is an OEM, not an EMM provider. Did they present a process that works for any EMM that supports AEDO on their devices?
*Thread Reply:* The process was designed specifically for us for a particular type of devices and version and specifically for WS1
*Thread Reply:* That's what I figured. It's funny how varied the viewed responsibility owners are in the industry
*Thread Reply:* Some would think OEM need to solve the problem, some would say EMM providers do, few seem to put the responsibility on Google 🤔
*Thread Reply:* Combination of all 3? OEM + Google + EMM.
*Thread Reply:* Hi @Drew Petersen, strangely enough this is the second time this week I hear about that rumour… The first time, the solution was on the Android side. Of course we are keen to investigate further, solving this crucible for both the Admin and End-User is our game. If you have anything to share, that would be very appreciated 😉
*Thread Reply:* Hi, what about an app running the shell command? I tried today via USB and it seems to work properly.
*Thread Reply:* @Florent N. care to elaborate? What command, what type of device?
*Thread Reply:* @Dimi I ran the command in this TestDPC issue https://github.com/googlesamples/android-testdpc/issues/48. The device is a Samsung A20e running Android 9
*Thread Reply:* You don’t need a specific app, I think it’ll run in a terminal app without adb shell on the front
*Thread Reply:* @Jason Bayton I mean, creating an app which runs the script, so admin can push the app and it will run the shell command on all devices without physical contact
*Thread Reply:* But that wouldn’t happen. Apps need to be opened, the device needs to be entirely without accounts existing, and doing it this way may lead to data loss as apps and such are removed following the push. It’s risky, not a recommended production provisioning method, and tbh I’d rather my estate was factory reset to start from a clean slate and avoid any flurry of issues where this partially or fully fails.
*Thread Reply:* Sure, it is not a very good solution but for devices like Zebra, you can launch an app remotely. I think it can be done only for devices with only in-house apps. Do you know why it is not recommended?
*Thread Reply:* ADB is a dev tool. Zebra already have this capability though.. and as above, far more can go wrong than right
I have a customer with end users that use the app "Nine - Email & Calendar" on Android devices (not UEM enrolled), and change the User Agent to "Outlook-iOS-Android/1.0" in the developers settings menu. They then sync email without any problems.
All other Active Sync email clients I've tried get blocked. In OWA under "Manage Mobile Devices", on my test account where I've tried this, I can see that it says "Access denied" on this device and User Agent. But this clearly isn't working.
The customer is using WS1 UEM Powershell Integration to control Active Sync, and is only allowing Outlook for Modern Auth in Azure. I'll confirm these settings myself and do more tests/advanced troubleshooting steps next week, but I wanted to reach out and see if anyone has a good answer to this that I've missed?
I didn't know this was possible. I'll give it a try myself. I don't think it will be though in our config. We use Intune with conditional access. Edit: Where do you find those developer options in Nine? I don't see developer options in the app, and in the main Android developer options I don't see any user agent config. @Anton I
*Thread Reply:* Very strange...Would be great if you could test this!
When adding an account, choose “Exchange server or others”. Tap next.
5) The application will connect to the server at this time. Tap cancel.
6) Under where your password is, make sure that the server is: outlook.office365.com, if not change it.
7) Scroll to the bottom of settings and you will see “Mobile device ID field”. Tap this 7 times.
8) Where it has “UserAgent”, type: Outlook-iOS-Android/1.0
9) Where it has “Devicetype”, type: Outlook
10) Tap next till the rest of the settings are done.
*Thread Reply:* Ahh I see I didn't know about tapping that option. I looked online for Nine developer mode but couldn't find it there either.
So, I tried it and it allows me to sign in, but my device remains quarantined. I see an email telling me to install the company portal app. This device is already managed by company portal (BYOD) but I presume this is because it knows it's Android - not iOS.
I'll give it a few minutes to see if it changes its mind but it looks like this is successfully blocked on our side.
*Thread Reply:* Thank you for testing this. Could you try on an unmanaged device as well? What does your Conditional Access policy look like?
*Thread Reply:* Oops I forgot! Will check tomorrow!
Boneheaded move of the day (by which I mean year): On my mac, I’ve been hitting command+[click refresh button] to do a hard refresh in my browser (Safari). Just realized today I should have been using Shift. 🤦‍♂️
@Florent N. has joined the channel
Is anyone here certified on this: cmdsp.org ?
*Thread Reply:* yes and so are several of our team. Full disclosure I'm a CMDSP trainer as we are a partner. Happy to answer any questions on it
*Thread Reply:* Just checked this out, looks interesting
*Thread Reply:* @Paul Conaty I’ll be in touch soon - just validating some training with my boss. Can you deliver the training in France or what are the options?
*Thread Reply:* sounds interesting. Is there a study/preparation book or only ILT?
*Thread Reply:* Hi Guys. Currently I only do F2F training in IE but have done remote sessions to groups before although not to multiple locations. @Damian if the group was large enough in France I could definitely come over 😀. Training is normally over a 2 day class with a fair bit of offline study. It's expected that candidates who want to take the exam have at least 3-5 years direct experience managing mobile devices or similar endpoint security experience. I'll drop more detail in here later if there is interest. I also have contacts in a few other EU and US partners who can deliver the training
*Thread Reply:* @Paul Conaty I’ll try to gauge interest with my fellow mobility colleagues. How many heads would you need to justify the trip? PM me your EU contacts too just in case I can’t muster up interest.
*Thread Reply:* Hi @Damian sorry was buried in work for a few days. Typically it's a min of 3 and max of 8 for a class size. To justify travel expenses I'd prob be looking at min of 5. It looks like all of the EU partners are German based
Nope, but I used to live near the contact address on their site. I know a couple of folks who took CompTIA Mobility+
*Thread Reply:* That cert has been retired ;)
@Balaji Arumugam has joined the channel
Thank You Boe Kelley and luke for helping me to join this forum 🙂
@RamananScalefusion has joined the channel
@Jason Bayton Thanks for this. Amazing to be a part of this community
@Miguel Vázquez has joined the channel
@Gurminder Johal has joined the channel
@Sriram Kakarala has joined the channel
@Kevin Migliaccio has joined the channel
@Gregory LACASSIN has joined the channel
Can anyone please confirm whether Intune has COPE mode?
*Thread Reply:* Firm no. It barely has COBO/COSU
Jason has a link for that: http://doesintunesupportaecope.info/
*Thread Reply:* I hope he took 3 years DNS record subscription 😇
*Thread Reply:* This is a brilliant website. Love it!
*Thread Reply:* This may be a side bar topic ... but what modes does Intune support? (and which ones they don't?)
Jason is our Bourne Identity hero!!
@Jason Bayton is our Bourne Identity hero!!
@Grant Angus has joined the channel
@Sandra Cormack has joined the channel
@Richard van Dieren has joined the channel
@Ben Giles has joined the channel
@Ravinder Singh has joined the channel
@Sebastian Schmidt has joined the channel
@Michael Smith has joined the channel
Hi everyone, do you have some experiences that you could share about Intune?
@Guy Bachelier There's a special #microsoft_intune channel created for that 🙂
@iMZ: Ok, sorry but I can see only lobby and sidebar Channel (I don't really know Slack, maybe that's an error from me) 😄
This is actually one of the things I love about Slack... MS Teams shows all the channels all the time (and you can't even choose to leave them). In big teams it becomes a huge mess 😞
Does anybody have any experience with Wizy? They tout support for the OEMConfig feedback channel already as well as incoming support for Zebra’s LifeGuard OTA (“Z-FOTA”). They seem like a decent alternative to SOTI for rugged deployments https://blog.wizyemm.com/2019/09/30/wizyemm-world-first-improved-security-and-management-with-android-new-feedback-channel/
I know the Wizy guys, EMM seems pretty good though I’ve given it less than a fair go tbh. They’re super receptive to feedback and seem to work quite quickly.
@Jason Bayton Need your honest input on our OEM config sometime. Will be great if you could take a look. https://blog.scalefusion.com/supports-oemconfig-for-rugged-devices/
*Thread Reply:* Can you turn off the data driven UI and modify the schema directly? Intune allows for this and I think most superuser EMM admins would prefer that over the data driven UI. I would rather have the ability to copy and paste in a complete config into a free form text box than manually check a bunch of boxes.
*Thread Reply:* We can do it. Question of how many want to do this. If this is a deal breaker we can make it happen. Shouldn’t be an issue.
*Thread Reply:* Why do you have a photo advertising OEM config yet 2 of the 3 devices are running flavors of windows?
@Mahesh Rampuram has joined the channel
@Adam Saal has joined the channel
I’m updating this info graphic about EMM modes and use cases. I’d love some feedback, and I know you all are the best group for this! https://docs.google.com/spreadsheets/d/1ESOQP5gSvelvsioxuBx96103dq9TvX2SgdaLNf1yyH0/edit#gid=1648477860
*Thread Reply:* Here’s the previous version: https://www.brianmadden.com/opinion/EMM-MDM-MAM-BYOD-Use-Cases
*Thread Reply:* Cool! Lots of colors! Well, perhaps too many colors. I kept wanting the colors to mean something. I see you have shades mean something, so why also use colors to mean...nothing?
Can I recommend using three colors only? Green = “fully supported.” Light Grey = “partially supported.” White = “not supported.” I think that is easier for folks to understand.
*Thread Reply:* I think also “device frameworks” can be split into “android device frameworks” and “iOS device frameworks”. Also, I’d like to have a column where you include example vendors for each type of management tool.
*Thread Reply:* Agree with Aaron, the different colors are confusing. I went looking for a legend to try to grok the details.
Also, being in the MTD space, you may want to add a line item in that section around mobile phishing protection. It's a big talking point for all of us vendors, and I suspect it may be something that may need to exist on devices where traditional MTD may not be considered essential
*Thread Reply:* OEMConfig applies to all enrolled corporate scenarios, not just dedicated/kiosk.
*Thread Reply:* Totally heard re: the colors!
*Thread Reply:* Thanks for all the comments, everybody!
*Thread Reply:* I turned off the sharing yesterday, since I was going to get it wrapped up, but since a few requests for access came in, I turned it back on
*Thread Reply:* I have to test this out on multiple monitors, and run it by some graphic designers 🙂
*Thread Reply:* Great list, thank you! It could be interesting adding possible solutions supporting these scenarios like MobileIron AppStation for MAM, MobileIron Cloud/Core, Airwatch, Intune, blablabla... Just an idea 😉
Maybe it was already discussed, but this was interesting: https://protectyoungeyes.com/12-ingenious-screen-time-hacks-how-to-beat-them/
*Thread Reply:* I'd removed Safari from my kid's phone and he found that if he asked Siri a question that required a web search he could continue using Safari unfettered, clever little bugger LOL
Hey guys… what do you think of Pixel 4 ? any feedback ?
@Alvin Yoder has joined the channel
*Thread Reply:* Our devs were really interested. I've got a POC coming up for the low hanging fruit use cases. While **nix is a small user base (relatively) it sucks that they're ditching this.
*Thread Reply:* DeX + WS1 + VDI seems like a good balance but needs to be tested.
*Thread Reply:* I use it sometimes with RDP. It's ok but a bit laggy IMO... And this is on a gigabit ethernet connection to the DeX dock, I'm sure it's worse over 4G.
*Thread Reply:* I never tried LoD because I have an S8 but I'm glad I didn't rush to upgrade because of it!
*Thread Reply:* Apparently they had kernel compatibility issues with Ubuntu LTS.. But they always supported multiple distros anyway.
*Thread Reply:* https://www.reddit.com/r/LinuxonDex/comments/d8actp/recent_interview_with_dex_product_manager_gives/f1a332m/
*Thread Reply:* I've heard good things about AnLinux and UserLAnd but they don't have the same integration of course
*Thread Reply:* I enjoyed running Linux on Dex and using a Samsung tablet to adb to Zebra devices :)
*Thread Reply:* tc52 android on custom compiled scrcpy for arm on adb on ubuntu on linux on dex on android pie on samsung tablet
*Thread Reply:* S5e... Was a tad laggy which I thought would be fixed by Tab S6 but S6 didn't have LoD and I knew the writing was on the wall
@Tim Howarth has joined the channel
@Nico Hermeling has joined the channel
Anyone here with experience using Meraki Systems Manager to manage Chromebooks?
@Martin Hillero has joined the channel
Strange request, but I am in need of an iOS device running iOS 13 on Monday. If anyone happens to be within reasonable travel distance from Wales and can live without something for a week or so please let me know :)
*Thread Reply:* I'm not in the UK but if it helps you can use my iPad over teamviewer or something. Probably won't help much, I know 🙂
*Thread Reply:* Ha, thank you. But indeed, I’d need something local
*Thread Reply:* Go in an Apple Store, purchase one, do your stuff and give it back saying that you changed your mind. 😂
*Thread Reply:* Good idea actually! Even though you were joking 🙂 Especially if you order online you have 2 weeks to return it (even if you pick it up in person as long as it's ordered online)
*Thread Reply:* I could send you an old crappy iPhone 7 I use for testing every now and again but would only be able to send it out tomorrow for delivery Tuesday. If you still need it PM me your details...
*Thread Reply:* Thanks for the suggestions and offers folks, I just had the company pay for one over the weekend. It may or may not go back, depending how much iOS support I need to do over the coming weeks/months
*Thread Reply:* Well seeing your Nokia crapped, you might want to use it after all 😉
*Thread Reply:* LOL, thanks but I’ve got another 21 Android options to pour through first
*Thread Reply:* Enroll it in Intune with iOS 13 user enrollment; would feel like AE.
*Thread Reply:* I have, it really isn’t. It’s a nice attempt but so far to go
*Thread Reply:* Yeah the thing with having an app only for work or private is a bit of a dealbreaker IMO. Only the built-in apps can do both (makes sense because it's the only way to guarantee separation)
Anyone here familiar (or know someone I could speak to) with Workday?
*Thread Reply:* I am to an extent as we use it internally, but I am not an admin.
*Thread Reply:* @Matthew Shaver Have you dabbled much with Workday-as-a-Master and/or the Career Sites/Recruiting?
*Thread Reply:* Alas I have not - we use it for time management - benefits - personal info. We’re not on the platform for recruiting or career paths at this time (as far as I’m aware)
*Thread Reply:* Okay! Working to explore all our options, since we have the Recruiting/Career path modules/platform
@Matthew Thompson has joined the channel
Does anyone know if the Samsung A8 2017 will get the Android 10 update?
*Thread Reply:* No, A8 Will not get Android 10.
*Thread Reply:* The 2015 or the 2017 version? The 2017 version came with Android 8. Enterprise devices get 2yr/2major version updates to 8 + 2 = 10?
*Thread Reply:* Confirmed by Samsung: none of the A8 devices will get Android 10.
*Thread Reply:* Link to the source?
*Thread Reply:* That would be a link to a phone 😂
*Thread Reply:* https://www.theandroidsoul.com/samsung-android-10-update/#samsung-galaxy-s8-s8-and-s8-active
*Thread Reply:* "None eligible for Android 10"
*Thread Reply:* Can't find any official source. I've seen some websites that say that the A8 will get 10... So different sites, different info
*Thread Reply:* I have heard, unofficially, the same: no update to 10.
@Yaniv Shen Moradi has joined the channel
While working in an enterprise of android devices may be like with ~15K in count using more than 60+ apps on a daily basis, do you suggest that a frequent reboot of all the devices during non-business hours, like daily or fortnight will increase the efficiency and productivity of the devices?
I don’t know what sort of data exists for this, but speaking from experience I only reboot a device with the monthly security update with little noticeable difference. What does make a tremendous amount of difference is available storage, as that gets close to zero my devices tend to freak out far more.
A workflow option to clear cache and app data on a scheduled basis will reduce the need for such reboots. Some MDMs do offer this feature.
However I second Jason's thought on rebooting for monthly security updates which frees up a lot of space.
If you clear app data it'll log you out of every app though.. That's not very nice for the user. And worse than the problem you're trying to solve IMO.
As a long time Android user I only reboot when applying the monthly system updates unless I totally kill my phone battery in a day (this is very rare). Android in its early days was a lot like Blackberry where you really needed to reboot a couple times a week to keep things running smooth but those days are long since past in my experience.
That and clearing cache increases data/network and slows down apps if this data needs to be re-cached on launch.
*Thread Reply:* But when there are 60+ apps we could choose to selectively clear app data and that would make sense, doesn't it?
*Thread Reply:* I would not clear app data of apps in use by employees generally. Cache at most with the above caveats.
*Thread Reply:* I agree. Recaching takes a lot of data/network as you have mentioned.
Would anyone find value in having a GSuite channel to discuss all things Google GSuite related?
What do you guys think of a mobile app version of any of the EMM consoles, which might help us to do some minimal activities and device status checks through the mobile app on-the-go ?
Many of the EMMs have APIs built out that would enable you to build your own mobile app for that purpose
I've been moaning about mobile admin for years. It sucks. The notion an EMM professional may work from a mobile device also seems to be entirely lost on most of the industry
MobileIron had a mobile app admin tool i played with a few years ago. it wasn't great on a phone but worked well on a tablet. not sure if it's still available
MobileIron Insight. Though to be fair, an HTML5 modern liquid UI would suffice for most use cases…
Yeah, Mobileiron's interface from an iPad Pro is basically not usable
With Workspace ONE it even redirects to the self-service portal as if you typed it wrong 😕 Though it does work if you enable desktop mode.
And Intune I never even got to try as it only works on-net for us.
BTW the #GSuite channel is live, for those contemplating a jump or presently using it as an alternative to O365.
Curious: Anyone here using MacOS (Mojave) and Chrome 78.0.** and losing your mind with Apple+ Shortcuts not working? e.g Apple + R or C/V? Just sporadically working and then not.
Yes seen that before with Chrome. You really have to “right click” and perform a copy/paste from there or the menu. Also they delay the Apple + Q combi for some weird reason. Already ditched Chrome a long time ago.
@Mark Vonk I’ve seen all those symptoms! Do have to admit, I like the delayed Apple + Q. Could really use that for other apps where I do a lot of Apple + W and inadvertently quit the app
@Daniel Creasey has joined the channel
@Jani Kostiainen has joined the channel
@Fernando Carvalho has joined the channel
@Thierry Lammers has joined the channel
@Wannes De Boodt has joined the channel
I have a question with enterprise android
We have enabled COPE for our corporate devices and we are able to take back up using google drive but there is no way to restore the backup on the device.
Can anyone guide me on how to restore the backup to the enterprise Android device?
@Jakub Jaroszewski has joined the channel
@Arsen Bandurian has joined the channel
Honey... I'm home....!
@Petr Filippov has joined the channel
@Chris Avedissian has joined the channel
@Mike Komissarov has joined the channel
Anyone using security scoring services like BitSight, Security ScoreCard, or RiskRecon?
Interested in chat on your mobile score if you are!
Curious - Anyone here using Druva for backups? Evaluating and would like general feedback if you have any.
@James Orewiler has joined the channel
I’ve been managing Apple devices for years now and am looking for some guidance with getting rolling with Android Enterprise. Can anyone point me to resources for getting this going? We use AirWatch and have not found their resources to be very useful.
*Thread Reply:* Thanks, I’ll give it a go.
*Thread Reply:* Also, where are you finding difficulty on airwatch? H
*Thread Reply:* I’m looking for something that walks me through things from beginning to end… Console side, Google side, device side. I’m not thrilled with what I’ve been able to find.
*Thread Reply:* This is a great resource https://techzone.vmware.com/understanding-android-enterprise-management
*Thread Reply:* also there is a migration tool in the console if you are moving from Legacy to Enterprise.
*Thread Reply:* Hi, I run bayton.org - let me know if there’s documentation you feel would be helpful you can’t find there and I’ll get it up.
also bayton.org/android is direct link to all things AE.
*Thread Reply:* Take a look at the Google certification/training... it is very good - https://skillshop.exceedlms.com/student/catalog/list?category_ids=677-android-enterprise-academy
*Thread Reply:* Bhavesh and team at WS1 also did a YouTube series that covers some of it as well https://www.youtube.com/watch?v=-VlepQoly5c
*Thread Reply:* Android Series Episode 1: Device Administrator Deprecation - https://www.youtube.com/watch?v=s9-sCtmarpc&t=19s
Android Series Episode 2: Android Enterprise Work Profile – https://www.youtube.com/watch?v=NmiJz8ZtRCI
Android Series Episode 3: Work Managed Devices - https://www.youtube.com/watch?v=d2LJdtou1ts&feature=youtu.be
Android Series Episode 4: Rugged Devices - https://www.youtube.com/watch?v=WoqFCZBM0ko
Android Series Episode 5: App Management - https://www.youtube.com/watch?v=DdSE-qFmRt8
Android Series Episode 6: Corporate-Owned Personally-Enabled - https://www.youtube.com/watch?v=HXHjXyiiKLk
Android Series Episode 7: Android Enterprise Recommended (AER) - https://www.youtube.com/watch?v=auvEjBsYSVc
Android Series Episode 8: Android Enterprise Security Discussion with Google - https://www.youtube.com/watch?v=bOcpyvP3GJI
Android Series Episode 9: VMware Workspace ONE Launcher - https://www.youtube.com/watch?v=n5u0nUFXKBw
Android Series Episode 10: Admin Experience for OEMConfig Redefined - https://www.youtube.com/watch?v=YPaNCVipeeA
Android Series Episode 11: Migrating to Android Enterprise - https://www.youtube.com/watch?v=-VlepQoly5c&t=269s
An interesting question that came across in a discussion, What is that information about an individual that is not available on their respective smart phone? What do you think?
*Thread Reply:* We have our personal photos, money cards, digital wallets, body health activity apps, self interested social networking apps etc. which actually puts your complete ‘self’ into the smart phone…
Can you tell what info of an individual in general which is actually not available on their smart phone?
Quick question for anyone who knows Airwatch… device enrolled using AfW with the afw#. In hub app a user can go and remove the profiles. So for example they remove the passcode and app blacklist confs…. then set the device to use no passcode (I know I can block with compliance policies). Does anyone know if this is normal behaviour? I’d assume so as the delete button is there?
*Thread Reply:* Check out the #workspace_one and if I got your question right you need to set Allow Removal - With authorization.
*Thread Reply:* @Al Platt When you create the profiles you can set if the profile can be removed "Always", "Never" or with a password
When creating the profile there is an option on the general tab that says allow removal. Change this to allow/disallow or with passcode.
That’s the one then, seems I’ve missed that. Thanks for your replies.
@David Peterson has joined the channel
Hi guys,
I have a question regarding the Custom Apps.
If we set up for custom apps on App Store Connect, set it to private distribution to the Apple Business Manager and the availability to all Country and Regions.
The redemption code from the ABM will be available to all Country/Regions? Or will be restricted to the country on which ABM account is set up?
*Thread Reply:* The redemption codes can only be used in the country of your ABM account
*Thread Reply:* This restriction makes the whole redemption code distribution of custom apps pretty useless for us. A feature request to remove this restriction is pending with Apple, so if you can: please add your account/device count to it via the Enterprise Support
*Thread Reply:* Thanks for the heads up, same for us too. We will make a request for the removal as well.
*Thread Reply:* Yes, the lock to a single country is a pain here too
@Florian FERRAND has joined the channel
@Peter Mikulic has joined the channel
@Carl Bjorklund has joined the channel
@Jonas Pettersson has joined the channel
https://verizonmdm.vzw.com/login.html did I just completely miss this over the past few years or is this new?
*Thread Reply:* I’m pretty sure it’s brand new. The videos on the bottom of that page are all labeled “coming soon”
*Thread Reply:* I believe this is just a dashboard for them to white label information gathered from the MDM services they resell
*Thread Reply:* ^ That's what it visually looks like. That was my first thought. So something like MaaS360 is feeding info to a VZ Dash?
*Thread Reply:* Yes, but I spoke to someone else who has worked with VZW for a bit and they seem to think this might be remnants of an abandoned project. The UI looks a little older (from what they can see). That might not be entirely accurate - just speculation
*Thread Reply:* Gotcha right on. The UI is older looking for sure - ability to place policies on mobile hotspots sounds intriguing though
*Thread Reply:* Probably just a front end that does API calls to other systems and aggregates data.
*Thread Reply:* We got in there and tested some stuff out. It is piping hot garbage. But if your client has a need to disable the speaker on their Jetpack, boy does it have you covered
*Thread Reply:* This is new to me but VZW has been reselling MaaS360 for a long while and I wouldn’t be surprised if MaaS360 is the engine behind it.
@Claes Widestadh has joined the channel
@Carisa Stringer has joined the channel
@channel Has anyone integrated O365 apps in Workspace One access (VIDM) and achieved MFA using ADFS? The use case is to achieve MFA at ADFS end only and get the redirection \ O365 apps working once it reached VIDM. Any suggestions around it? 🙂
*Thread Reply:* No need to use the channel command. Also you might want to ask your question in the #workspace_one channel
*Thread Reply:* You need to configure azureAD or adfs as 3rd party IdP and o365 as a SP for Office. Or do you mean the mobile apps? and if yes... Which mobile apps do you want to use?
*Thread Reply:* would need ADFS as 3rd party IdP and O365 as SP.
*Thread Reply:* After integrating the O365 apps in Workspace One access(VIDM), we would like to launch the apps within the Workspace One access catalog (VIDM catalog) and it must redirect to ADFS for further authentication where the MFA should work
*Thread Reply:* Once the MFA is successful we would want it to redirect to VIDM to get the app loaded successfully, but the question is does Workspace One Access (VIDM) allow the MFA only at third party IDP end?
*Thread Reply:* Multifactor authentication can be enabled eg with vmware verify. But in your case the mfa is handled by the configured IdP of the Application (adfs). You have to give it the right authentication in your access policy on vidm!
*Thread Reply:* I have configured AzureAD as a 3rd party IdP in vIDM. Login to vIDM is redirected to ADFS and is using AzureMFA, and the Office Apps are configured in Catalog as Weblinks. SSO is working!
Ok @here maybe I am losing my mind… I cannot force VPP to sync.. When I hit actions and update licences the progress bar doesn't come up, it just shows my apps.
It’s a known issue. Check help.mobileiron.com and upgrade your Core
Gentle reminder please folks to seek out the appropriate channel when posting!
Nice idea. As usual, it’s arguable how best to lay some of these out, so this is a terrific effort.
I would also add VPP, and perhaps move DEP elsewhere (esp. now with user enrolment and renaming of supervised enrolment by Apple), but include ABM and ASM in there instead?
A jolly good start and I’m tempted to nick that idea! 😉
I’ve been reading all these end-of-decade articles and just had a thought. Apple published their first MDM specification in late 2009, so we could call this “The MDM Decade.”
*Thread Reply:* Every person in this Slack works in a field that (excepting BlackBerry) basically didn’t exist 10 years ago.
*Thread Reply:* Fully agree with your first point. As for the second, erm, there I’d have to respectfully disagree with you. Information security has been around for a while now… 😉
*Thread Reply:* @aaron Some of us supported other mobile platforms, like PalmOS and Windows Mobile...
Subtitle: “My Life With The Accidental Device Wipe”
@Carsten Albrink has joined the channel
I would like to take this opportunity to wish you all a very Merry Christmas (or festive season) and Happy New Year. And wishing you all the best for 2020!
Merry Christmas you marvelous bunch!
Belated wishes to all you amazing people! Special thanks to Santa Jason for having made this group possible!
@Wannes De Boodt has joined the channel
@David McIntyre has joined the channel
@Julian Brennan has joined the channel
*Thread Reply:* I would typically give the environment a once over and look for gaps. In lieu of gaps I'd point out better ways of doing things and how to do them. Ask them about their approach to security, how they setup devices, where they are in their lifecycle. For Android bring up AER, ZT, etc. Supervision and DEP for iOS. So on.
I did and do still suck at "upselling" as I'd happily just provide the info and steps for things. If they get stuck or want something done it was down to them to re-engage, no pressure.
*Thread Reply:* Hey Dmitrijs, I have always believed in the approach of staying ahead of your prospect's needs and goals. Not to say you need to be an expert, but by being able to ask the right questions about future strategy with knowledge in your pocket, anticipate where the gaps/vulnerabilities may lie (after review) and being able to take them to the chosen land should they decide to go on the journey. You move the needle from being a consultant to a strategic mobility SME. Position yourself in a way that if the topic is mobility, you should be part of the conversation. Many times, leaders don't know what they don't know and need to rely on people that do. Be that person!!!
*Thread Reply:* I agree, on the one hand, enhance their current setup (update, usability, security, support, technology (AE, DEP,...)) and on the other hand help them strategically as advisor for feature use (cloud integration, Passwordless/Zero sign on, iOS BYOD, SAML, Changes bec. of new OS,..) before it's necessary.
*Thread Reply:* I think it's very important to understand what the business benefits of mobile are and try and become a strategic adviser on how mobile tech can improve business processes, user experience etc. this requires moving the conversation out of IT and security though but ultimately is what my clients find the most value
*Thread Reply:* Can't mention specific customers but I've worked with a number of orgs where we started out as just the MDM vendor and then worked with senior management to understand the strategic goals for the company and related those to mobile to create an Enterprise Mobility strategy. Helping orgs understand what's possible with COTS apps vs custom developed, doing user functional comparisons of iPads vs laptops for sales teams or similar, how mobile can enhance field force productivity etc. What I find customers really appreciate is helping them to achieve stuff like above while also clearly explaining the risks and best practice on how to secure the devices and apps. Most businesses of any size I find don't have this type of expertise in-house
#microsoftintune is now #microsoftendpointmanager
@Sławek Studnicki has joined the channel
What do you guys see as the must-have trends of 2020 on the mobile management side? Edit: I mean in terms of things to work on, not things that you think Google/Apple should improve :)
We've been focusing on the migration to Intune a lot but this year we're moving back to the regular mode of quality of life improvements. So we're doing a review.
Personally I do Macs as well as mobiles so a lot of my suggestions will be on the Mac side. On the mobile side I really want to do SSO now that Apple has published an architecture with plugins on their side. I also want to take advantage of User Enrolment however we can't have managed Apple IDs in our configuration so I don't think that'll fly 😞
But I'd be interested in hearing what things you'll be focusing on for 2020, or would like to do
*Thread Reply:* Better version control in Managed Play. Enterprises need to be able to standardize on a particular version of a business application and should have the option to downgrade to a prior version.
*Thread Reply:* Thanks! But I meant things as potential ideas for our team to work on.. Just in case I'm not overlooking something great
*Thread Reply:* Data analysis Data driven decisions Predictive maintenance
*Thread Reply:* Good ideas!! Thanks! We've been improving on our analysis anyway since we got Intune, this is one area where it's way better than Workspace ONE. One of my colleagues has made an amazing dashboard in PowerBI. But at the moment we don't actually do anything with that data.
Investigate, test and create more API’s to granularly control an AE device… end to end…
Yeah but I mean more stuff we could be looking to implement
Hi All, silly question: does anyone know what time zone the time stamps on historical reports captured in Airwatch are in?
*Thread Reply:* I thought it was GMT by default but may be set to your console's time zone
*Thread Reply:* That is what even I thought but when I ran historical reports the time stamps are different
*Thread Reply:* my console version is still 9.2
*Thread Reply:* so when i run reports which has time stamp they are not the actual time stamp of my console or my time zone...
*Thread Reply:* the time stamp in the console will take the time stamp from your device server… dsxxx…
*Thread Reply:* It is off premise
*Thread Reply:* then the time zone in which the server is configured with…
*Thread Reply:* Thank You all for the info
*Thread Reply:* i always thought it was based on the attached image
@Renuka Shahan has joined the channel
@Haralambos Mavromatidis has joined the channel
@Patrick Hogeboom has joined the channel
@Lars Uyttenboogaart has joined the channel
@Willem van den Brink has joined the channel
*Thread Reply:* Folks who use something else, please share with the community.
*Thread Reply:* NIST
We have a high profile user advocating moving to iOS user enrollment and not pair it with any mdm. Is this even possible? Can any management be done? This is about 800 devices.
User Enrolment is still an MDM based technology. If you really want to be MDM free, maybe using MAM apps would be a better option. We do this as a more limited option as an alternative to MDM.
Also, user enrollment has some drawbacks. You need managed (federated) Apple IDs, you can only use the native apps for dual-use and any apps you install for work purposes can't be present on the 'personal side'.
@Melkon Torosyan has joined the channel
Personally I really prefer the work profile way of doing things, but many end users don't grok that for some reason :)
We have XenMobile in MAM mode, users don't like it. Last year we piloted that, AirWatch, MaaS360 and MobileIron as they hated BlackBerry. We aren't 365 or Azure, no EA on Office so don't think Intune by itself is a good option.
This user, very influential, wants us to go to user enrollment with native email app and no MDM. Of course that doesn't factor in that we're BYOD and while a minority have Android users, or that user enrollment is very new.
We just spun up another AirWatch trial, he hated boxer last year ...
*Thread Reply:* I would be curious to hear how they expect you to roll out "User Enrollment" without an MDM and Azure AD.
*Thread Reply:* Do MDM with managed iOS mail native and Safari split tunnel. If he hates that, he hates iOS^^
*Thread Reply:* Explain to him risk liability cost without MDM
Do you guys use anything fancy for outside your meeting rooms today? I’m dabbling with the idea of hooking up tablets to outside the meeting room entrances, but struggling to find a software solution I can trust to do this (a few I’ve looked at want a password set on the resource mailbox to log into. No thanks).
*Thread Reply:* @Ivo Kazimirs knocked up a solution for us integrated with O365. Might be able to suggest something for you
*Thread Reply:* Most of the native solutions want to see the admin password for the estate, created a bespoke power apps application for a dedicated mailbox. You still have to provide the password to the mailbox on initial set up but after that its smooth sailing 🙂
*Thread Reply:* My gripe has been mostly about providing a 3rd-party a password to an account that’ll see meetings in plaintext. Roombelt was winning opinions but I don’t feel good about anything non-microsoft managing that
*Thread Reply:* We had same problem, powerapps is a feature on your 365 account so you are not sharing with third party.
*Thread Reply:* We were piloting "Teem" eventboard. But it was found to be too expensive for the features it offers, I don't recall the exact price, but it was a lot. It was decided to build something inhouse but it hasn't materialised yet.
I don't know how it worked on the server side as this was managed by a different team but I didn't have to enter any password on the tablets themselves (or deploy it via MDM). They just had to be registered with a pincode.
*Thread Reply:* Ivo would you mind pinging me with work effort and costs please if you’re up for it?
*Thread Reply:* We have started to POC ‘Crestron’ devices in our meeting rooms…
*Thread Reply:* We‘ve been using Robin Rooms for over 3 years now. Did you try that one?
*Thread Reply:* No @Julio that again looks like it expects a 3rd party to have full account access, which I don’t really want. I don’t know what I could do as an alternative (besides @Ivo Kazimirs’s suggestion) but I wasn’t expecting it to require access to an account that normally wouldn’t even have a password
*Thread Reply:* Full account access to what account? We integrated it with Google Calendar and created calendar instances which are doing the communication with the app.
*Thread Reply:* We've just deployed Teams room devices across our business. Whilst it doesn't show who's booked the meeting room from the outside (unless you're using 3rd party software), when a user gets into a room, they will see who has booked a meeting on the tablet on the screen, with a simple one click to join feature! If you use Teams/365 I would highly recommend exploring these
*Thread Reply:* I'm looking into these already Ajay!
*Thread Reply:* We use Teem Eventboard on 400 conference room iPads. Works great with O365 integration and user proximity detection to check into the room when you arrive.
I read on reddit that someone has a guide that compares Workspace ONE to Intune in good detail. Does anyone have this handy, or can point me in the right direction?
Folks I’m looking at the possibility of offering a DaaS solution, a direct-from-OEM vs through a reseller sort of thing. Fixed fee per month for device with repair, extended hardware availability (~3yr) and software support. I’d like some feedback from the community around expectations, wants, opportunities to bundle value-adds that don’t exist with current offerings on the market particularly from larger orgs. Reach out to me privately in chat or by all means comment in this thread.
*Thread Reply:* There could be some desire in the rugged/dedicated device market. A lot of folks feel kind of burned by the premature obsolescence of Windows Mobile/CE that has forced them into early upgrades. These early upgrade cycles have led them to consider alternative purchasing models like DaaS/HWaaS in an effort to better protect themselves in the future. Up until now most of that has been served by way of leasing companies so I think there is still a lot of opportunity out there for true DaaS.
*Thread Reply:* Rufus is a company that comes to mind that is making dedicated wearables for the warehouse space and charging a monthly fee for them
*Thread Reply:* https://www.getrufus.com/
*Thread Reply:* My lens is warehousing and retail so I will be biased toward those usecases but there also is a big need for flexing device counts up based on peak periods
*Thread Reply:* A warehouse often needs to temporarily double its workforce around the holiday season and each one of those users needs a device in their hands
*Thread Reply:* They’re left having to size device counts based on peak volumes which is starting to feel like a foreign concept when software and servers are becoming increasingly self-scaling in the cloud
*Thread Reply:* If you could help solve the problem of flexing device counts based on peak periods via DaaS then you could make a lot of people happy. Not sure where you are from a rugged perspective though
*Thread Reply:* Working on it 🙂
*Thread Reply:* the above is based on DaaS for laptops so the descriptions don't all apply but you get the idea
*Thread Reply:* or create your own using openstf
MWC looking shaky. I'd be double checking refund options for flights and accommodation!! https://www.wired.co.uk/article/mobile-world-congress-cancelled
*Thread Reply:* Looks like it's still on https://www.androidpolice.com/2020/02/12/the-gsma-wants-to-cancel-mwc/
*Thread Reply:* https://www.theverge.com/2020/2/12/21127754/mwc-2020-canceled-coronavirus-trade-show-phone-mobile-world-congress-gsma-statement
Anyone flying with easyjet are SOL
Yeah and Spain was having some beef with the GSMA already because it wants to move the event to Madrid and GSMA wants to keep it in Barcelona.. No good can come of this 😞. Either Spain will force them to move it as a condition, or they'll go on but with mostly empty booths 😞
Hey @Drew Miller and @Erik Fortin! Deja Vu....
*Thread Reply:* Where would it be hosted in Madrid also?
*Thread Reply:* I believe this was a political response/threat from the Spanish govt in Madrid to the Catalan independence movement/process (‘el procés’)
*Thread Reply:* Yes it was in the local news here a lot that Madrid was trying to bring the event there.. They were quoting the independence riots as a reason but people here told me they thought it was more of a guise to bring a big event there, and a way to 'punish' Catalonia
*Thread Reply:* So far the GSMA told them politely to stick it where the sun doesn't shine but I think they will be in a weaker position now with all the financial fallout from the cancellation
*Thread Reply:* So I wouldn't be surprised if this is the end of MWC as we know it (In Barcelona I mean)
*Thread Reply:* Unless they can claim back on the insurance under the medical emergency clause, of course.
*Thread Reply:* Yes but that will give the Spanish government another negotiating tool because they control that
*Thread Reply:* Either way GSMA is not in a strong position like before
*Thread Reply:* One failed conference surely won’t financially ruin them, they’ve got a bunch of revenue streams and conferences in other parts of the world
*Thread Reply:* Yes but it might be the start of a rotating base (@Simon Hardy-Bistagne mentioned they might be looking to move the event every year)
*Thread Reply:* By the way I've been involved in organising a big (but much smaller than MWC) event before and moving every year is not something that's nice for an organisation because you have to deal with different authorities and regulations every time.. You can't simply reuse your playbook.
So maybe it'll stay.. I just really hope so as I live here 🙂
@Taylor Armstrong has joined the channel
@David McDonnell has joined the channel
@Anders Hermansson has joined the channel
This post is only for people within UK… (also if others are interested to join us out of UK) Friends… i know we all have been a part of this ‘Slack Empire’ for a couple of months now… am not sure if this is the right time or not… i also would like to have the concern of our founder / emperor @Jason Bayton… Can we have or at least try to plan an informal catch up within London… chit chat… discuss… talk and dance around on some Android tunes 😉 Please do post your comments!!! suggestions!!!
*Thread Reply:* How about something around May 12 - 14th, when the AE symposium is in London?
*Thread Reply:* Keep me updated, I'd like to join in too
*Thread Reply:* @Jason Bayton Do we have any more details on the AE symposium?
*Thread Reply:* Other than it being in May I’ve no further detail today no
*Thread Reply:* @Mark Vonk What is this AE symposium you speak of?
*Thread Reply:* That is the Android Enterprise symposium hosted by Google. An annual event where new developments are shared by Google. It is hosted for OEM's, manufacturers, EMM's and service providers. There is one in London, not sure if they do it in other regions. Not sure if it's for public consumption yet, but the plans are to host two separate tracks on two separate days, May 12th (Go to market track) and May 14th (technical track).
*Thread Reply:* How did you get this info Mark? I asked a couple Googlers and got shrugs back 😄
*Thread Reply:* Happen to have a call with Google (AE platform team) and this came up.
*Thread Reply:* Awesome. Pretty weird to have two days with a gap in the middle. Guess I need to book 3 days in London for what I'd managed in one last year.
TIL that beer parrot was even an emoticon… 🧐
Anything can be an emoji in slack. it's the only reason I haven't shut this place down 😁
*Thread Reply:* In our internal slack chat I'm an emoji and I'm not mad about it
*Thread Reply:* I think it’s only just you bring that over here
@Bennie L. Callies, Jr. has joined the channel
@Niklas Jenslöv has joined the channel
@Nathan Tremlett has joined the channel
@Bo Snitkjær Nielsen has joined the channel
@Viktor Dmitriev has joined the channel
Has anyone tried https://micromdm.io/ ? If so what's your experience?
*Thread Reply:* I have not. Looks like it could cover the bases for basic MDM
*Thread Reply:* How did you come across it? Just curious what their angle is at this point in the MDM game. Not a whole lot to go on based on their website.
*Thread Reply:* I think the main angle is being completely free and open source. It's not a commercial product at all. As such it might be handy for managing Apple products at home. Or for smaller organisations without budget for an MDM service.
It's an interesting approach IMO, and when you see how well other open-source tools are doing in this market (consider Munki for example!) I think it's a nice option. But never did try it, no. We're too big for something without vendor support.
*Thread Reply:* Ruchi that’s exactly what I heard from the head of strategies from a big company. Though not commercial it’s like Linux of the MDM world
*Thread Reply:* May be for small businesses but vast ones am doubtful. Hence the query
Besides Ground Control, does anyone know how to display the serial number among other details on the home screen of a supervised iPhone/iPad?
Lock screen profile with a lookup value for serial number will work for most mdms
so you want it as a wallpaper? instead of going to setting>general>about?
Most MDMs will let you set a wallpaper but not customize it like that. I do not think that use case comes up much. Out of curiosity, what is the use case?
I've got a device with one app that needs to be running/unlocked at all times. To help identify the device name a little easier, we hope to be able to append the serial number like BGinfo on desktop on this homescreen.
If you want the app always running it will have to be open so you would not be able to see the desktop anyways
What does everyone use to provide remote assistance for iOS devices?
*Thread Reply:* TeamViewer integrated with Intune.
*Thread Reply:* @techiecheng Notify RDS is a good solution as well. Have had great success with it helping end-users troubleshoot iOS devices. Simple, easy and cost-effective for organizations. DM me if you would like further info on it
Teamviewer also here! Would be great if Apple allowed Remote Control access like on Android but here's to hoping!
I'm, of course, leaning toward VMware Assist but gotta keep my mind open as we are a non-profit institution
For Teamviewer, how easy/difficult it is to set up?
I'm looking to implement this on a large scale (i.e. 15000 devices)
*Thread Reply:* it's pretty simple with any form of remote assist tools. Teamviewer, we just push out the QuickSupport app and the add on (if needed). they just open the app, give us the ID number and we're in. Few more steps needed for iOS but nothing too stressful. You can deploy unattended access also but quite a few customers' security teams did not want this as we are a 3rd party and user privacy etc..
Hi, guys new here looks like a vibrant community, I hope to give and get help in all kinds of topics...
*Thread Reply:* Welcome @Chesky Herskovic! Lots of fun to be had here, indeed 🙂
General question to the community. How is everyone doing? It's a fairly anxiety inducing time worldwide and I think communities like this are useful to keep us all sane! What's everyone doing to keep their minds off the pandemic? I'm enjoying getting a lot more time with family and my dog 🙂
*Thread Reply:* Hi Paul, agreed it's a tough time and more as many of us are spending 24/7 with families. I can only speak for myself but the last couple of weeks have been a huge adjustment for my wife and kids - with the home schooling and that we were in isolation as well due to symptoms. Still we are moving forward and trying to instill a new routine for everyone. Avoiding too much of the news helps as does regular contact with friends either on phone or video. Work helps and yes communities like ours are also a good way to escape the 4 walls. Maybe we should do a Group zoom or similar as a watercooler chat?
*Thread Reply:* This is a challenging time and instead of spending time on the news channels. One should, Talk with your daughters, play with your sons. You need to be a better friend to them than anyone else. This society offers lots of evil friends. Before they make those kind of friends, they need to find their best friend in you.
*Thread Reply:* It's tough for me as my girlfriend lives a few miles away so I can't see her and my son lives with his mother and while he could come here, she is not keen. I do talk to them both but it's obviously not the same. 😞
*Thread Reply:* Love the idea of a zoom virtual pub session (my interpretation as I'm Irish 🙂 )
*Thread Reply:* We actually did a zoom (and also a G Meet) beer session last 2 Fridays, but as people sit in front of their computers all day (many of them talking to others over G Meet a lot) they don’t find it fun to sit in the same chair, in the same room for a couple more hours...
*Thread Reply:* I'm locked up in the house on my own for 3 weeks now. Very depressed. They won't even let us go out for a walk even keeping distance.
*Thread Reply:* My observation though - a lot of the institutions are catching up with technology very quickly - schools, pre-schools, government organizations - this is going to be an upside of this whole situation. Over the first week of isolation my older son’s school managed to set up Microsoft Teams and start remote classes (twice a day, with home assignments, extra curricular activities and even Physical education - all within the Teams app - installed on an iPad in my case). The other son’s pre-school set up a class on Google Classroom, they connect over video chat on Skype and share a lot of materials on GDrives. The experience all the students, children and the school staff get now will stay and benefit (I hope) in the future.
*Thread Reply:* @Tycho keep your head up! We will go out eventually - and we will enjoy it way more than ever !
*Thread Reply:* @Tycho take care as Spain is the most affected country after Italy.
*Thread Reply:* Hey guys glad to hear everyone is holding up well or as best they can in these trying times. While this transition has been a little rough for my wife (she's used to going and spending time with her family weekly) for me I love it as I finally get to work from home and spend more time with both my wife and my dog. I've been a hardcore gamer ever since I was little (got my first personal pc at 5) so sitting in front of a computer alone for hours on end is a part of everyday life for me. Sure just like everyone else I would love to be able to go back to normal life but mainly only because I want to go to the store without having to sanitize everything before touching it or take my dog to the nearby water park, etc. I would be down to do some kind of group call with everyone some time, it's always nice to meet other people doing the same thing.
*Thread Reply:* As an Irishman in lockdown myself in France, I’m up for a virtual pub session which I’ve been doing with our team once a week for the past few weeks. We’re lucky as we live on the Côte d’Azur so sun is a plenty, we have grounds around our house and we have the added benefit of living in a private domain which means I can go out for a run or walk in nature whenever I want. I’ve also been spending some quality time with my family especially my children. Work wise I’ve been flat out actually getting stuff done that was on the back burner...documentation, presentations with other teams...
*Thread Reply:* 🤔 @Damian your quarantine experience sounds quite a bit better than being stuck in rainy Limerick!
*Thread Reply:* Current view from the home office ;)
*Thread Reply:* Complete with LEGO gifts from my children 😂
*Thread Reply:* Ok that's a pretty good view considering!
*Thread Reply:* Someone kick this jerk for rubbing it in 😄
*Thread Reply:* So you managed to escape Paris like me before the sh**t hit the fan? 😆
*Thread Reply:* @NicolasR Is that a portal to escape to the nether world!!!
*Thread Reply:* Yep 😄 💪 escaped just 1 day before 👌
*Thread Reply:* Hi @Lewis Garton ! How are you?
*Thread Reply:* very good (considering the situation outside of course..) thanks!
*Thread Reply:* Keep safe!
@Kishore Bandaru has joined the channel
General request: Hi all, am doing a video series with experts who have deployed various MDM/EMM solutions in their organizations. It would be close to 30 experts from the field and will be offered as a free content to the community and also the world at large. If interested can you write to me with a short bio for me to schedule something soon on your calendar? Look forward to this community support and people coming forward to participate. you can write to me at ramanan@ramanan.xyz
The questions and interaction will be close to being generic and will be sent to you before the interview.
Hope for an overwhelming response. Please do mark the subject line as Mobile Pros.
Hi all, good evening. Encouraging to see 10 CEOs respond on my video conference request. Its quite exciting. Am waiting for 30+ speakers across the month. Can you please send in your nominations to ramanan@ramanan.xyz
@Justin Van Druff has joined the channel
👋 Everyone! Anyone here eval’d and/or deployed App47 MAM?
Hello all, we’re launching Phones for Patients here in the UK. I’d appreciate your support with this project please: let us put surplus devices, chargers and cables to good use. Details here: https://phonesforpatients.uk/
*Thread Reply:* Happy to share on social platforms to help drive donations.
*Thread Reply:* Actually @Jay got a tweet out, so just gave that an RT
*Thread Reply:* Thanks @Woody and just retweeted the tweet from Bridgeway as well! Great initiative!
*Thread Reply:* Thanks, guys! @phones4patients is our Twitter handle for this.
*Thread Reply:* if I could get into the office I could have donated a whole heap of Samsung J5 devices 😞! great initiative by the way! I'll see if anyone is going into the office anytime soon and can potentially help
*Thread Reply:* @Ajay Patel That would be perfect for care home patients - a currently much overlooked part of the patient comms challenge. If you can, DM me and we’ll arrange the rest.
*Thread Reply:* @Woody @Jay Thank you - the more we can share this, the faster we can receive and deploy devices
Thanks to our very own @aaron for helping with a kind donation of the GroundControl software to help scale this up.
Thanks, I’m very proud of the whole team for putting this together so quickly
If you’d like to help, but are wondering how, here are three specific actions that would be of invaluable help:
Firstly you can donate individual spare cables and chargers for mobile devices. Then send them to our office for us to distribute to NHS hospitals and care homes that need them.
Please send any surplus chargers and cables to:
Phones For Patients c/o Bridgeway Security Solutions Bridge House Anderson Road Cambridge CB24 4UQ
Thank you!
If you’d like to get involved with our initiative the second way you can help is to talk to your Senior Management team to see if your organisation has any spare mobile devices that you can donate. These will help patients in NHS hospitals and care homes have that vital contact with their loved ones. Please fill in the form at: https://phonesforpatients.uk/donate-devices
And finally, the third way you can help is to share our Twitter, LinkedIn and soon Facebook posts across your social media channels. We need your help to make this happen and to make a difference to NHS patients lives now.
Thank you!
@Jason I’ve got a bunch of Android options. LMK if I can help and I’ll provide a list.
Has anyone started trying this out? https://techzone.vmware.com/blog/what-are-shared-ipads-business
*Thread Reply:* Yeah I’ve tried it briefly. I couldn’t get apps to install. But in general the UX is very cool, just like with ASM.
*Thread Reply:* I will be doing a POC for this in coming weeks for already enrolled devices.
*Thread Reply:* This is to allow Guest Mode or Anonymous Mode for quick access without needing to Authenticate
@Dimi Historically, we’ve created channels specific for Vendors
@Dimi if you’re looking to advertise your services, pop it in #jobhunters
@Jens Trendelkamp has joined the channel
Morning Everyone / May The 4th Be With You!
@Brennon Bissell has joined the channel
Happy Friday, Everyone!
@Tobias kiesenbauer has joined the channel
@Tobias Kiesenbauer has joined the channel
@Alvin Climent has joined the channel
@Adedoyin Adewodu has joined the channel
@Ricardo Bouwkamp has joined the channel
@Narinder D has joined the channel
@Jason Bayton hello sir guess who joined the club :- )
Well where the devil have you been all this time
@MobilXperts Admin @Jason Bayton @aaron Looks like the slack invite on the mobilepros website has expired 😉
*Thread Reply:* Looks like someone regenerated it 😁
@Jay Robinson has joined the channel
@Scott Valentine has joined the channel
@Dave Reynolds-Jones has joined the channel
A warm welcome to all our new members! @Jay Robinson @Patrick Bright @Paddy @CJFrickle @Scott Valentine @Dave Reynolds-Jones
The site that guided many of us through this community has shut down.
https://www.linkedin.com/pulse/eulogy-brianmaddencom-brian-madden
*Thread Reply:* Long live the king
*Thread Reply:* I'm of a similar vintage to Brian and that was a great read if a little scary how much time has passed. Brian Madden and exchange experts were invaluable back in my old sys admin days.😢😐😄
Hey Mobile Pros looking for advice. How would you go about accessing client device management infrastructure/approach? They had quite a few acquisitions lately so now it is one company with 5 different methods of device management. Ranging from cloud first device management and down to patching with USB sticks. I’m a bit overwhelmed, not sure where to start. Most-likely will start with interviews and questionnaires. Anyone done anything like this, is there a framework for this kind of assessments. Help 🤯
*Thread Reply:* Need to understand their business requirements and also look at the “shortest” path to unification
*Thread Reply:* I guess you can drop usb patching 😂
*Thread Reply:* There is a method I like to classify functional requirements:
https://en.m.wikipedia.org/wiki/MoSCoW_method
*Thread Reply:* The outcome should be a recommendation on what is the best approach in their environment, but I'm guessing that would depend on the findings. How to gather requirements is what I'm concerned about. How to go about asking the right questions so that no rock is left unturned.
*Thread Reply:* Very useful and straightforward way to think. Helps a lot to synthesize functional/non functional requirements
@Deonti Johnson has joined the channel
@Matthew Taylan has joined the channel
*Thread Reply:* Yes, very interesting news yesterday. I think this will be most impactful and of concern to the other Apple focused vendors (Jamf, Addigy, Mosyle etc). Others with agnostic platform support may be less impacted.. I would assume Apple will probably add this to their Business and School Manager platforms..
*Thread Reply:* it was only a matter of time the way... i've dabbled with fleetsmith and their iOS capabilities are very good and intuitive platform
*Thread Reply:* It was the plan to add MDM to ASM and ABM. I was working on ASM and MDM was the missing link.
I'm honestly surprised they lasted as long as they did https://www.theverge.com/2020/6/26/21297400/microsoft-retail-stores-closing-cities-open
Yeah, now you have to go to another place to play XBOX while your wife is shopping 😂
Hey Mobile Pros. What are the emerging technologies in device management space (Mobile and EUC)? Have you seen lately anything on the news that got your attention?
*Thread Reply:* PWAs, iOS App Clips, OEMConfig with feedback channel, better control of Managed Play app updates.
*Thread Reply:* Any new concepts? like zero-trust, is that even considered emerging tech these days?
*Thread Reply:* What about user enrollment for iOS devices using managed Apple IDs for a partitioned work/personal experience (new for iOS 13 and Catalina)
Anyone here fluent in DUO and looking for some subcontract work?
@leanne kimber has joined the channel
Hello MobilePros, what determines device lifespan in your business ? Is there a best practice or a framework I can refer to?
*Thread Reply:* I've worked with quite a few businesses where the lifespan is based off when a device physically breaks and is replaced. For well-maintained applications, life spans will be based off when the applications take on some major update that will not work on older OS versions.
*Thread Reply:* Have you seen examples of a proactive approach ?
*Thread Reply:* Some companies tend to buy support warranties for the devices (Apple Care for 3 years iOS and OEM warranty for Android) and will track that in some sort of asset management software and have a workflow to replace the device when the warranty expires (either automatically or per user request). That is fairly common for corporate use cases as users do not want to be stuck with old phones.
*Thread Reply:* We do Tablet as a Service (TaaS) and have a lifespan of 3 years. The business entity pays a cost equivalent to the device, assuming some breakage and MDM fees built in. They then also pay 1/3 of that cost each year for 3 years, funding the replacement at that point. Lather, rinse, repeat. For phones, we are moving to automatic replacements at the end of the provider contract to minimize old phones and having so many models to support.
*Thread Reply:* we're a telecoms company in the UK and the majority of our smaller customers tend to do what @Glenn Schultz has said and change at the end of a contract period. Our larger customers not so much. They need to be more "re-active than pro-active". For example, when a device goes EOL they might change their strategy or if their yearly budgets didn't take into account a device refresh they may wait until the following year's budgets have been approved etc..
*Thread Reply:* generally recommend based on availability of security patches so 3 years max for Android (Samsung) and 4 for Apple. Custom applications can really impact device lifecycle though, if they require newer features that speeds up obsolescence and conversely if they are very sensitive to change they slow it down and create potential conflicts with required security patches.
*Thread Reply:* also if your use cases involve rugged cases, mounted devices, car integrations then that can make lifecycles longer as it's more expensive to update a fleet
@Jason Schlekewy has joined the channel
@Travis Reeves has joined the channel
@Vincent BERBINAN has joined the channel
@kamel moulaoui has joined the channel
does anyone know of a way to screen record an android device from out the box so we can video an enrolment process without the need for recording it from another device using the camera?
*Thread Reply:* Normally a userdebug or engineering build will allow this, or root. I can help you out with the former if you like, shoot me a message
*Thread Reply:* An external USB video card will help.
I use one and I can record both DEP and AE deployments from scratch
*Thread Reply:* The same kind of device that the kids use to record gaming sessions
*Thread Reply:* If Mobile device have HDMI output, that’s all what you need. Your PC or mac will detect it as a webcam so you can record or even cast
*Thread Reply:* Oh yeah those too, device needs to support HDMI but I assume plenty of Samsung do
*Thread Reply:* Any special software you use @Raul?
*Thread Reply:* Any software able to record from a webcam will work
*Thread Reply:* I usually record sessions with QuickTime and then I edit them with iMovie or similar
*Thread Reply:* Got it. I do this on Apple enrollments, flaky on Android. Just good to know.
*Thread Reply:* I have an S10 and with that device I can record the session in HD
*Thread Reply:* thanks Raul will give that a go. Good to know for Apple enrolments too
*Thread Reply:* yeah, but be careful with iOS.
I’ve found that when you want to record DEP, if the device has any adapter attached (I’m using a Lightning to HDMI adapter), it breaks the DEP deployment, so you need to unplug and plug the adapter in again to see that the provisioning finishes as expected
*Thread Reply:* Some folks using a Code reader gun attached to iPhone have also found the same issue
*Thread Reply:* You could just take screenshots throughout the process on the device itself and then retrieve them after enrollment
*Thread Reply:* you could then splice those screenshots together into a video
had a request from one of our customers IT Security team regarding Samsung devices...
*Thread Reply:* Implications = Faster unlock / lower security
*Thread Reply:* I've just re-read this but I don't think this actually matters. All the feature says is that if it's enabled, a user will need to enter a password/pin to unlock the device. We push a password/pin policy regardless so even if this specific feature was turned off the device is still going to have a PIN/password
Hi MobilePros! I would like to know what limitations there are in MaaS360 with the new Android10 updates? What things stopped working in MaaS? If anyone can give me information.
*Thread Reply:* https://www.ibm.com/support/pages/maas360-android-10-and-device-admin-deprecation
@michaelsterl has joined the channel
Excited to join the lobby with Mobile Pros. 🤙
Alright first ask: Would any of you recommend any UEM Engineers 1. looking for a job or 2. looking for contract work? Location doesn't matter!
*Thread Reply:* check out #jobhunters
*Thread Reply:* Sounds like a great opportunity @michaelsterl Concur with what @Matt Dermody said. Post in #jobhunters, please 🙂
*Thread Reply:* cool. thank you for pointing me in that direction. (newbie)
Hello, are any of you using Device as a Service (DaaS) for Laptops or Mobile devices? Please share your experiences.
@Suresh Gopi Kolluri has joined the channel
@Stephane Gregori has joined the channel
Can someone suggest a topic in the field of mobile device management where i can do my masters level research study?
*Thread Reply:* Handling contacts in Outlook/Intune 🤣🤣🤣
*Thread Reply:* Mobile Device management is Client Security and Client configuration for mobile devices. I'd start out by looking into client security. What are the risks, and how to mitigate them. The other part is configuring devices.
*Thread Reply:* Thats a cool idea but I’d be very concerned about loss, as you mention above! I’m currently looking at the 5c NFC version they just released. Do you guys use them across the company?
*Thread Reply:* @Jay we're contemplating options for MFA across the board (hourly/salary and for positions where phones are not allowed/etc)
*Thread Reply:* we use them to open doors in the office and to initiate vpn on mobile devices
*Thread Reply:* over the last 2 years we haven't had anyone lose their Yubikey luckily. (I have crashed my 5ci which I carry along with my keys...)
*Thread Reply:* @Bartosz Leoszewski So is the key part of that Trespass unit you showed above?
*Thread Reply:* Or is "5" a manufacturer of NFC? Sorry, just clarifying
*Thread Reply:* Ahh, okay. Any Employee ID/Badge as part of it?
*Thread Reply:* Or does the Yubikey 5 act as both the badge (door access/etc) and MFA?
*Thread Reply:* it acts as both - door access + MFA. We are around 50 people - so we all know each other's faces - no need for a photo ID
*Thread Reply:* That's awesome @Bartosz Leoszewski
*Thread Reply:* I need to check and see what options exist for Yubikey in terms of doors/access
*Thread Reply:* one of our large customers chose this solution to control access using a mobile device (Samsung & iPhone in their case) - https://www.ima.cz/products/access-control-systems/imaporter-mobile/?lang=en. We did some consulting for them how to manage this as part of their UEM strategy, and we also decided on the same solution - as it also supports Yubikeys. In case of the customer it is a pretty large implementation - they have over 8000 employees and many locations, so seems to be a trustworthy solution.
*Thread Reply:* That's clean @Bartosz Leoszewski. We're planning for a lot of employees to not have (or not be allowed to use) phones. Hence the original ask
This hit #mobileiron but may be of general interest. https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html?m=1
*Thread Reply:* This vulnerability was patched before the beginning of the summer
*Thread Reply:* Yup, but how many have applied said patch? 🤔
*Thread Reply:* My take-away is this: the bad guys are now very aware that MDM exists and is powerful.
Hi everyone.. so thought long and hard about posting this but here goes.. so a friend and I have been putting out our own podcast for the last 7 weeks… a small and steady listener base which is under a 100 currently and we want to grow that. We cover the latest tech news, games, TV stuff and have a good craic… I won’t lie when I say we are working on the production values (and would take any help there).. but its helped us cope a bit with all the crap lately and thought you might enjoy: https://podcasts.apple.com/gb/podcast/jay-karl-the-weekly-tech-rant/id1525937803
*Thread Reply:* and full list of where you can find us: https://anchor.fm/weeklytechrant
*Thread Reply:* We’ll be putting out an Apple Special this week (of course!)
*Thread Reply:* This is great! Thanks for posting Jay!
*Thread Reply:* Here is our Apple Event Special https://anchor.fm/weeklytechrant/episodes/Episode-8-Time-Flies-for-Apple-as-we-take-a-look-at-the-latest-tech-in-our-first-Apple-Event-special-ejti3b
*Thread Reply:* plus Apple Podcasts link https://podcasts.apple.com/gb/podcast/jay-karl-the-weekly-tech-rant/id1525937803#episodeGuid=186f712a-c809-48bd-bff4-a6e6663aa019
@Werner von der Ohe has joined the channel
@Gaétan Vouillamoz has joined the channel
@Tobias Kiesenbauer has joined the channel
Are there any other great Slack workspaces out there for Microsoft topics like O365, Active Directory, ADFS?
*Thread Reply:* I see a Microsoft (as is) one out there
*Thread Reply:* https://mobilxperts.slack.com/archives/C720Y1CTS
*Thread Reply:* Thanks.. and any other group except the Mobile Pros group to recommend?
*Thread Reply:* I’m sorry but my Corp workspace and this one are enough amount of channels for me 😂
*Thread Reply:* I’d love to spin-up one for Okta. I’m always having lots of fun over there
*Thread Reply:* I have a OKTA dev account and an O365 dev account, both free, to play with Access
@Preston Broderick has joined the channel
Ivanti has bought MobileIron and Pulse Secure!! https://www.ivanti.com/company/press-releases/2020/ivanti-announces-strategic-acquisitions-of-mobileiron-and-pulse-secure
*Thread Reply:* We also talk about it in the #mobileiron channel 👍
https://twitter.com/MSFT365Status/status/1310696819135901696
@Gabriel Nogueira has joined the channel
Any insight on IBM MaaS360 per user vs per device? Pros/Cons (outside of cost).
*Thread Reply:* @michaelsterl can you ask your question another way?
*Thread Reply:* let me know if this helps:
thinking of offering the per user model vs the per device model and curious if anyone has 1. deployed the user model 2. any general feedback 1 over the other
*Thread Reply:* We went with the per device model, not user. This came down to costs really. We have > 15k in our environment, financially it made sense. Otherwise, I believe the setup is not really any different from a GUI or end user experience.
*Thread Reply:* There is no difference in functionality, it really comes down to how many devices your users have and are looking to manage. If all users have multiple devices (laptop, tablet, phone) and you are looking to manage them all, it may make sense from a pricing perspective to pay by the user
@Matthijs Schut has joined the channel
Folks, help me with a bit of info please -
Is your EMM one of the big players, and what sort of SLAs do you get on support requests that are P1-P2 vs P3-P4?
I should state MSP/partner SLAs are also fine, just saves me trying to find each solution separately to compare 😄
*Thread Reply:* are you looking to build a bit of a chart on published SLAs for various service tiers per EMM, or more like average response time
*Thread Reply:* this is kind of interesting because we all know response time does not equal resolution time so now i’m curious what the community feedback is
*Thread Reply:* the former, but I'd happily take real world experiences
*Thread Reply:* I'm not writing about or publishing anything, just for my own use
*Thread Reply:* in my experience it completely depends on the type of issue. For example i had an issue with MaaS360 and cloud extender and that ticket took about a day for someone to get back to me. But again same product had an issue with regards to DEP enrolments and they came back to me with the resolution in about 30 minutes. WS1 is good at coming back to start the troubleshooting flow very quickly in my opinion but if the first time resolution doesn't work they are very slow at responding after that.
*Thread Reply:* Majority of issues were either sev1 or sev2
*Thread Reply:* I've been helping customers in Sweden with implementing and developing EMM for 9 years. Most of my customers are using Workspace One; with that said, all vendors I have leveraged over the years have very similar support solutions unless they decide to go for the higher tiers of support. Even if they have short response times they very rarely solve the issue before it's handed over to engineers.
When it comes to partner channels in Sweden MobileIron has always had outstanding local presence and expertise, even though their normal support is just as lacking as all the others.
*Thread Reply:* This is great info folks, thank you.
*Thread Reply:* Workspace one here, i'm on a 5x8 plan with 4 hr service on p1 issues, no complaints, and usually have a reply on lower case issues within 8hrs.
Has anyone (successfully) configured the new Microsoft Enterprise SSO extension for iOS in their Intune environment?
Curious: Who likes to capture a video when you accomplish an amazing feat? Is it something you'd feel comfortable sharing to a private repository for others here to learn from?
*Thread Reply:* Do we have a baseline for amazing? I got out of bed this morning without complaining about how early it is 😛
*Thread Reply:* That's an ample baseline @Jason Bayton! So long as it involves something mobile/endpoint 😆
Loom is pretty good for that sort of thing
*Thread Reply:* Appreciate the suggestion! If everyone got a free account and we added a #Video channel.. I think that would do the trick. I'm a visual learner so I figured why not find a way to share in that format.
@Antoni Font Schilt has joined the channel
Has anybody got an idea on how Apple Mac M1 devices will be managed? Are they going to be like Macs or like iOS/iPadOS?
*Thread Reply:* I suspect not much will change and will remain like Macs. Saying that seems many vendors are staying tight lipped (disclaimer I work for VMw).
*Thread Reply:* Hi Jay, I used to work for VMware, in Milton Keynes before they closed the old AirWatch office. Now I'm at a partner and I'm excited to see if M1 brings some new management options or if it's the same kind of thing we have at the moment with Macs.
*Thread Reply:* i dont suspect the management mode will change in my opinion. I love the idea that you can run iOS/iPadOS apps, however a lot of big vendors (Google, Amazon, Facebook etc) are not bringing their iOS apps to the Mac App store (for now..) so it could be great for some but crap for others...
*Thread Reply:* @Ajay Patel Yeah I hear that Photoshop isn't going to be ready for M1 until 2021 and I'm old enough to remember Rosetta in the PowerPC transition and how that went. I kinda hoped that the way iPads are becoming more like laptops (mouse and keyboard support, multi-window) would start to see a merge to the actual laptops so that, as you said, iOS apps could run on Macs. But I guess not just yet.
*Thread Reply:* but if an applicable desktop app is available (e.g. photoshop) why would you want the iPad version?
*Thread Reply:* The documentation for building your own MDM (and the reference for existing MDMs) is all available in the developer portal (https://developer.apple.com/documentation/devicemanagement). If you are in the Beta programs, as changes are released to beta they will show up in here as well (you can change build versions in the upper right corner).
Has anyone worked with Adobe Sign for Business? Looking for a solution that incorporates signing with digital signatures. https://acrobat.adobe.com/us/en/sign/digital-signatures.html
*Thread Reply:* We use DocuSign internally
*Thread Reply:* https://www.docusign.com/
*Thread Reply:* @Raul Looking for a means to sign the document using a certificate issued from a trusted CA. Customer is familiar/has a relationship with Adobe, but I can look at DocuSign as an alternative option
@Conal Murphy has joined the channel
Hi all, a newbie here. Just having a browse to see if I can find a solution to an issue I'm having with iPhones and DEP. It seems that when I register a device using Apple Configurator it becomes supervised which is great but for devices that have been registered by the reseller Vodafone UK in this case these do not appear to be supervised even though they are listed automatically in the business portal. I thought, and feel free to correct me, if a device is registered in the portal it should automatically become supervised? I could be missing an obvious step in the process but if anyone has any hints or tips do let me know. Ta
*Thread Reply:* The device isn’t supervised until it’s enrolled with an MDM after resetting the device
*Thread Reply:* Apple doesn’t allow on the fly conversion of devices from unsupervised to supervised without wiping them
*Thread Reply:* Thanks for the reply guys.
So the devices we are trying to manage through Intune. An Apple Configurator reset device works as I would expect, showing as supervised in Intune, can do the full lost device, etc.
A reset device which is assigned to the Intune MDM in DEP is now asking for a username and password at boot up at the Remote Management screen. What should that username and password be? I'm probably missing something really simple here so apologies.
*Thread Reply:* That is the username in the mdm.
*Thread Reply:* Once you pass the remote management screen the mdm handles the enrollment and assignment to a user (if needed) during enrollment. This can be skipped and the device will still be enrolled. To your earlier comments on supervising devices, if they are assigned to an mdm in abm and during the setup are automatically enrolled they will also be supervised at that time.
*Thread Reply:* @Todd Cole You mention the username in the MDM, are you referring to apple business manager or intune?
*Thread Reply:* @Conal Murphy The only time ABM “User name” and Intune would match is if you were using federation. Then the Managed Apple ID in ABM should match/refer to the Intune AzureAD ID. Otherwise everything after the “remote management” screen is driven by the MDM (Intune)
*Thread Reply:* Cheers for your help guys, I will have a proper test tomorrow and let you know how I get on
*Thread Reply:* Hi guys, made some good progress on this and beginning to get my head around it, so thanks again. One thing that seems to be an issue is getting a new out of the box device registered in intune as a Company device. The policy has been created and assigned to a dynamic group which has the following syntax (device.deviceOwnership -contains "Company") Am I able to register a new out of the box iPhone as a company device before turning it on? I can see the serial number from the Enrollment program token but not in all devices.
*Thread Reply:* The procedure of ABM is very straightforward, and similar across UEMs
*Thread Reply:* Integrate your UEM (Intune / MS Endpoint Manager) with ABM and upload token to UEM.
Assign devices on ABM to UEM.
Create a DEP profile on UEM and assign it to devices synced from ABM
Provision devices
*Thread Reply:* MEM is a kid’s toy, so should be easy
*Thread Reply:* Make sure you have MDM push (APNS) certificate and DEP Tokens configured.
*Thread Reply:* also join #microsoft_endpointmanager channel
Hey folks... any idea if we can setup a managed Chromebook virtual machine in Windows or Apple machines?
*Thread Reply:* That’s a great question. I’ve not seen one up to this point.
*Thread Reply:* Please do let me know if you come across any such requirement in the future… 🙂
Hi all, I want to prepare myself for new things and functionalities that might emerge in the next year and might need some time to wrap my head around. I thought starting a small thread here would be a good idea to collect some ideas. What is it that some of you might see as big game changers in the mobility world for next year?
Android Enterprise Essentials, that Google is launching early 2021, could be a game changer in the future - although it doesn't seem to offer too much yet.
*Thread Reply:* Nor I believe will it. It wouldn't take too much effort to be competitive with EMMs and I know they don't want to encroach
*Thread Reply:* I like the Android Enterprise Essentials. Really do. But I don't think businesses will move to this. I think eventually it will end up in the Google Graveyard.
So with Slack being sold off will this community still stay here or will it end up migrating to a new platform?
*Thread Reply:* I don’t think so they will decommission this. Until it is active, this community will be active… :thehorns::skintone_2:
*Thread Reply:* I’ve been thinking about the same myself @Boe
*Thread Reply:* I like having all my Workspaces in one app (Slack) so I personally would like to keep it here if possible
*Thread Reply:* Woody did you have to use the word Teams?
*Thread Reply:* I'm impartial @Woody as this is the only thing I use slack for at this point. Everything else I use like this moved to Discord long ago but I get the whole wanting to keep everything in one place.
*Thread Reply:* I’m not impartial. I still have to see the day where no one on my Teams meeting have any issue with the audio or with a crazy slowness
*Thread Reply:* It hasn’t happened yet on a single one
*Thread Reply:* I suppose my only hang-up is once you’ve got everyone in a place.. you’ve got everyone in one place. I don’t mind moving elsewhere, it’s just the fragmentation that can be an annoyance
*Thread Reply:* also the moving of previous threads etc.
*Thread Reply:* @Ajay Patel But it’s not as if these are archived, either?
*Thread Reply:* @Boe Discord was new to me. I feel so old… 😞
*Thread Reply:* no that's true but I have a few saved items from posts that have been really helpful
*Thread Reply:* @Jason we just have the free 10k retention. After that they’re 💥. Agree @Ajay Patel copying/saving convos or files to something like OneNote/Evernote is your best bet.
*Thread Reply:* I suppose the question is if we were to move, where would we want to land permanently and would it provide what we need for now and long term?
Anyone have a favorite file storage service that’s not Google Drive, Box, Dropbox or OneDrive? Preferably IL2 certified
*Thread Reply:* NextCloud!
*Thread Reply:* previously known as OwnCloud. We are big fans. Cross platform, mobile access, easy share links. And did I mention that it is OPEN SOURCE!
*Thread Reply:* @Matt Dermody does it have to be hosted on-premise?
*Thread Reply:* @Drew Petersen Set it up for us
*Thread Reply:* I think our instance is in Azure
*Thread Reply:* NextCloud is fantastic. We self host but NextCloud offers Enterprise hosting options also.
*Thread Reply:* It's not on premise though, it's in one of our cloud VM clusters
*Thread Reply:* @Drew Petersen Great to have you here!
*Thread Reply:* So I’m going to assume it could run on a VM certified in GovCloud. Yeah?
*Thread Reply:* yep - they have lots of security certifications and reports posted on the website. it’s solid software.
*Thread Reply:* Mr. Bayton will probably have something to contribute once he sees this as well as we’ve seen him contributing on the NC forums
@Concerned NYCityzen has joined the channel
It seems kind of quiet around these parts. Everyone starting to check-out for the Holidays?
*Thread Reply:* wishful thinking!
*Thread Reply:* Although I imagine a lot of us are in the support and maintain mode rather than trying to deploy anything new right now
*Thread Reply:* I saw it at LinkedIn CyberSecurity Hub and indeed it’s quite impressive
https://www.mirror.co.uk/tech/breaking-gmail-google-youtube-down-23164823
Any recommendations on a "MSP" that has UEM support and lic mgmt as their primary GTM strategy? Domestic to start / International support a bonus / Engineering staff on site / 24-7 helpdesk? DM me if you know or recommend anyone.
*Thread Reply:* Merry Christmas to you and yours, @Ajay Patel! Looking forward to a happy and prosperous 2021 🥳🎅:skintone2: 🎁
Unfortunately I ran out of stamps, so I’m sending our Christmas card to you all digitally. A heartfelt “thanks” to each and every one of you who make work in Mobility space so much fun. I look forward to another year alongside you all in 2021!
*Thread Reply:* Merry Christmas Woody, and to all of you contributing here!
*Thread Reply:* I have stamps! Merry Christmas
*Thread Reply:* Merry Christmas @Woody. Nice family! I'm sure the kids are super excited for tomorrow!! (mine are!)
*Thread Reply:* @Ray Domingue Thanks man! They’re pretty stoked. I’m just thrilled we made it to this point, since we’ve been home/distance learning since the spring. Santa--bring it!
*Thread Reply:* Merry Christmas Eric and all who have been so kind and patient 😁
*Thread Reply:* Merry Christmas @Woody, all the best to you and your family.
*Thread Reply:* Thanks @ZL! Merry belated Christmas to you all as well. Oh, and a Happy New Year!
*Thread Reply:* @Woody apologies for late reply but hope you all had a great Christmas and Happy New Year! Great card by the way :D
*Thread Reply:* Thanks @Jay! Going a little stir crazy at this point but that all should change tomorrow 😜
*Thread Reply:* As someone with 4 kids also, I fully understand that 🤣 I’m looking forward to getting back some form of routine tomorrow!
*Thread Reply:* @Jay feel free to share any tips you come across 🙂
Hi everyone, happy holidays. Here’s some info about me, www.scap.nyc & www.Prithvivc.com I also run my own ClimateTech syndicate & ClimateTech rolling fund on AngelList besides being part of Jason Calacanis syndicates. DM me if anyone is interested to join my ClimateTech Syndicate.
Happy new year folks!
*Thread Reply:* Happy New Year to all! Heres to a better one (hopefully)!
*Thread Reply:* Happy new year everyone!
*Thread Reply:* Happy New year everyone!
*Thread Reply:* Happy 2021 ~ Better times ahead! 🎉
*Thread Reply:* Welcome @Sherman Chen! Long time no speak 😉
Heya @Woody! Hope everyone is having a great new year!
*Thread Reply:* The 7-day 2021 preview ends today. I’m still deciding whether I want to cancel and get my money back 😉
@Peter van der Woude has joined the channel
Welcome @Peter van der Woude! Great to have you here
*Thread Reply:* Thank you @Leon !
*Thread Reply:* Welcome @Peter van der Woude! I was checking out your Blog earlier and thought.. this guy would love the community. Way to go @Leon 🙂
*Thread Reply:* Thank you @Woody !
*Thread Reply:* Thank you @Jon Henson !
Hello everyone... Hope everybody are doing well, safe and healthy.
I had a random thought today and I would like to take this moment, thank you each and every intellectual, expert and engineer who are a part of this forum. Sharing, discussing and putting forward the knowledge they have, helping others to grow equally. Thank you once again. Hope we continue this journey and keep growing, learning together.
A very big massive thank you and a BIG BOW to @Jason Bayton without whom this forum would not have been such a boon to every mobility engineer's life! Thank you Jason! 😄
Thank you @ZL @Matt Dermody @Woody @DirkC @Ladislav Blazek @Dimi @Rajesh Kumar @Wannes De Boodt @Andrew Montague @Ivo Kazimirs @Boe @Mathieu Beaugrand @Jay @Mark Vonk @brandobot @Ajay Patel @Scott @brob @Barbra Conner @System Admin @Camilo Lotero @SS @Damian @Tycho sincere apologies if I have missed to mention anyone... I personally thank you each and everyone of you who have been a very important part of my mobility journey!!! 🙂
God bless everyone! 🙂
*Thread Reply:* Love this and echo the exact same sentiments @Prip! I was just telling someone tonight how going it alone is no fun. Proud we’ve amassed such an amazing group of folks from all around the world. Cheers to years of fun (and some 🍻 when we finally get a chance to meet)!
*Thread Reply:* 1409 and still counting... 😄
*Thread Reply:* I too echo the same....Happy to be a part of such amazing mobile experts here from all around the world. I believe we are all learning and helping each other together.
*Thread Reply:* Appreciate the sentiment @Prip! Likewise, thanks to everyone responding to my questions and great to be part of the team.
*Thread Reply:* Thanks for the shoutout @Prip and to all the other fantastic people on here. It’s what makes the community so good!
*Thread Reply:* Thank you @Prip! It's been a wonderful journey.
*Thread Reply:* Wow! I’m just honored to be included alongside the other names on that list. This is a great community!
*Thread Reply:* Same I'm not sure I deserve to be mentioned along side the greats but I'll take it anyways 😄
*Thread Reply:* Thank you for the mention @Prip we have a great community here!
*Thread Reply:* The beauty is that you only need to help once and people will remember you. They might have tried to resolve a particular issue for days and you helped to resolve it. Just throw your ideas out there.
*Thread Reply:* Don’t mean to hijack the thread but after scouring the net for an app that could meet our needs for a corporate phone book, I should mention @Peter Mohr who advised me on a great app developed by his company that we are more than likely going to roll out in production if all our testing goes to plan. It’s great to see this group contributing to something like this too!
*Thread Reply:* Thanks @Damian. Anyone can join the fun and give the app a go:
https://apps.apple.com/dk/app/corporate-phonebook/id1255925033
Works with any Office365 deployment
*Thread Reply:* That’s slick @Damian and @Peter Mohr!
Anyone here using Okta? Started an Okta Pros Discord, if you’re into that sort of thing. https://discord.gg/yQKRaSTCUq
Just testing the waters to see what everyone thinks about Discord. I don’t know that Slack will entirely eliminate free Workspaces, but with the Salesforce acquisition anything is possible.
*Thread Reply:* Was just going to say.. this is an interesting poll! Discord is good but the workspace integration with Slack is what I like! 1 App and for me 4x workspaces all easily accessible!
*Thread Reply:* and Discord is free for such Workspaces with the speed and user-friendly mode of Slack… and yeah @Jay’s point also, I have 5 workspaces at 1 place that I can quickly switch between…
*Thread Reply:* I know what you mean, something has changed and I can’t put my finger on it either. I find at work I mute so many channels now due and focus on key ones.
*Thread Reply:* I like that we/one of our vendors could sponsor Nitro for $99 a year.. and anyone in the server can “Boost” to support it
*Thread Reply:* That’s a pretty good idea. Shame Slack doesn’t have a “sponsor” plan!
*Thread Reply:* Yeah / They just rob you up front to avoid all the nickel and diming 😭
*Thread Reply:* I personally think Slack is gonna die off at least in its current form and sooner or later we will probably need to make the move to something. I use Discord for tons of other stuff so I would rather see it move there but I know not everyone is gonna feel that way. Also I don't think Discord has the data logging cap that Slack has where free accounts can only go back so far.
*Thread Reply:* @Boe you and I are on the same train of thought 🚊
*Thread Reply:* I mean I use it a lot lol probably too much at this point but the service is just so convenient but for use cases like this and other community based groups and of course gaming with my friends 😄. This Slack community is the only thing I use slack for every thing else I was in moved to discord awhile back.
*Thread Reply:* Okay, you win a prize for that @Boe!
*Thread Reply:* The way I see it, we’re IT people and are used to migrations. Yes, it would take some time but in the long haul seems to be the trend in where Communities are going.
*Thread Reply:* Woody I love your optimism! 😜 So who’s putting in the change request and planning the downtime and DR.
*Thread Reply:* I agree Woody as a service is far more popular these days and has a lot of great integrations for both admin management and also just hosting virtual meetups and what not. Also like ya said you people can choose to boost the server if they want to improve things like video and audio quality and what not. Also it seems like they were targeting people considering moving with the new Community Server option. https://blog.discord.com/discord-is-for-your-communities-3d14464d4c7b
*Thread Reply:* @Jay spinning the wheel ’o requesters now…
*Thread Reply:* I am new to discord so I’m not sure how I feel about the move. Isn’t it more geared to conversation rooms with live audio? I feel like if we moved away from chat to live audio that we would lose out on a lot of conversation history, especially since we span so many timezones.
*Thread Reply:* Am I thinking about discord the right way, or could we just use it for the chat functionality?
*Thread Reply:* I guess my concern is if it caused a cultural shift to voice channels we would miss out on our historical discussions and the searchable archive
*Thread Reply:* granted our searchable archive is limited by the 10K limit in Slack right now
*Thread Reply:* @Matt Dermody as Woody pointed out you can build the server however you want it. You can offer a mixture of both or strictly one or the other. Also you can set it up just like you have it here where users can give themselves roles which enable them to see different channels/topics they want to participate in so they don't have to see all of them. There are a lot of great features on the platform and I could be wrong but I would be willing to go out on a limb and say it's being developed far more actively than Slack at this point. There are pros and cons to both platforms at this point but I wonder how long Slack will stay around as a free product now that they have been acquired.
*Thread Reply:* cool, I’m changing my vote in the poll then!
*Thread Reply:* I'm no guru on discord but would be happy to get on a call with whoever and discuss what I know and how to set things up if needed
*Thread Reply:* Well said @Boe. I would echo all of that.
*Thread Reply:* Thanks Woody, there are a lot of smart people who run this slack channel so I'm sure they could adapt to the world of Discord quick enough if the powers that be deem the switch worth it 😄
*Thread Reply:* I would almost say we stand a Discord server up to offer folks a chance to get familiar and make sure it meets all our needs (before making a final decision)
*Thread Reply:* been using Discord for a while now, but still have not used it for anything work related... feels like I'm falling behind
*Thread Reply:* @Camilo Lotero I don't use it for anything work related either currently but a number of hobbies I'm into (custom mechanical keyboards, audio, etc) all leverage Discord a lot so I've become very familiar with it as well as I have my own server I use for interacting with both IRL and online gaming friends. For better or for worse it's pretty much a household name at this point.
*Thread Reply:* For awhile it felt like everyone was going Slack… so it was cool to try and have actual FT Work and Hobby (Mobile Pros) Workspaces all inside Slack. Now that Slack is “growing up” I think it makes more sense to continue letting the businesses continue providing Slack, but to move all hobbies/communities/forums into Discord. Mostly because of the uncertainty of Slack’s future regarding free entities.
*Thread Reply:* The issue with discord is that you cannot use multiple identities in the app. Unless I have missed something 😏
*Thread Reply:* @RJ honestly for all of my “personal” endeavors I prefer one sign-in. For Slack being enterprise-aware it makes sense, but on the personal side just adds extra confusion.
*Thread Reply:* Following on from discussions yesterday. What was the consensus around testing the water with a Discord server?
*Thread Reply:* @Jay there is one currently being tested but you have to know the secret hand shake to get it 😛
*Thread Reply:* For those wanting to check out Discord, pasting the link below. Disclaimer: We’re just kicking the tires/comparing functionality. No plans to make a move at this point.
*Thread Reply:* https://discord.gg/76nqpQPKwH
*Thread Reply:* There are some fundamental differences that make me not want to use Discord for anything work-related
*Thread Reply:* I use both platforms very extensively and have lots of slack workspaces and lots of discord servers - but i also have lots of DEVICES. mobile, laptops, desktops
*Thread Reply:* with discord, no matter where you log in, you get everything
*Thread Reply:* with Slack, you can choose which workspaces to add to each device - so I have Mobile Pros on my work MacBook, but not on my personal desktop, etc
*Thread Reply:* Wait you separate your personal life from work life what is this craziness you speak of :D
*Thread Reply:* @Drew Petersen all good points! I personally like everything sync’d across the board. That way (which ever) life throws something, I can respond accordingly (not having to run to the basement to grab a specific device/etc). At this point in my life that just works better.
*Thread Reply:* Boe - it has been a gradual move over the past couple of years. The blurred lines was not sustainable. I feel like it comes in tiers almost - would be curious for your feedback given you are all high performance tech professionals:
*Thread Reply:* @Drew Petersen 1) I agree 2) I agree, but only because I love learning in general. I have an RSS feed setup which is configured to feed me information about personal interests along with work interest, so I pick and choose what I read but I get a mixture of everything daily. I personally feel like to be successful in any I.T. career you are going to have to put in some time off the clock continuing to learn and grow. 3) I fall into the last part where I will jump in and answer when I know the answer, I have never let work be my entire life or identity though and I am just as happy to sit back and listen and learn when needed 4) Yes, I am guilty of checking email while I am out of the office, let us be honest we all do it 5) I think this applies to everything, I take breaks from all my hobbies as a way of resetting and refocusing every couple of months 6) I think I am currently in that stage now. As for the whole let's only put a work app on a work device and personal on personal, I guess that is where we differ the most. First because I primarily manage BYOD devices so that throws the separation idea out the window all on its own. Also, for me I turn off notifications to work based stuff on my phone, so I only see them/check them by my choice that way they do not interrupt me during my down time. As you can see from the screen shot, I shared before I am in tons of Discord servers but the only server, I get real time alerts/notifications from my personal server all others are muted and require me to check them when I so desire. The same goes for slack while it's on my personal phone all notifications are turned off, so I only see things when I choose to launch the app and check them.
I will say that I can appreciate the separation idea and I know it’s required for some as the temptation to check things all the time can be hard, but I think that ties back to your point #6 and learning what a good balance looks like for you personally as everyone will be different. Hope all this makes sense.
*Thread Reply:* It does! Love the feedback and different perspectives. I have also used muting and selective notifications to help prune down
*Thread Reply:* Muting is a must, the flow of constant information and simulation is just way too much these days. Very few apps on my phone both personal and work are able to actually notify me. I think I would have gone insane being stuck inside with this covid crap had I not done that
*Thread Reply:* I don't like Discord very much (even though I'm big on gaming). It's yet another walled garden that may be monetised in the future. Right now they don't because they want to grow. Once they have a majority of the market like slack does now, I'm sure they will. Also, their ties to tencent are a drawback in my view.
Moving to a Matrix server would be nicer IMO. It would be completely free of commercial concerns that limit us so much here on slack. And from one Matrix server you can join the entire Matrix world.
Anyway these are just my 2 cents 😉 If we move to Discord I may just bridge it to Matrix on my side.
*Thread Reply:* PS: I do think blurring lines between work and personal is sustainable.
But for me my work is also my hobby. I really love having very little separation and it's always been like that for me. No burn out or anything 🙂 For me the weekend often means hanging out at the makerspace working on other tech stuff 😛
Also, I live alone so that probably makes this more sustainable.
*Thread Reply:* I guess I would argue Tycho that they already are monetizing it with things like Nitro and I personally don't see them moving away from their current free model but I do know they have plans to add in more options that will be monetized. Then again I'm biased as I have insider knowledge since a childhood friend is a dev there. I'm the only one of my friends that never got into coding maybe one of these days I will but I'm glad they did because a number of them work at game studios for games I play and as the kids say "skins = wins" and I get plenty for free thanks to my friends 😄
*Thread Reply:* Also I'm open to whatever everyone decides I have no stake in this fight, never heard of Matrix servers before guess I got something new to learn about now 😄
*Thread Reply:* Matrix is an open decentralised chat network very similar to slack. You can host your own homeserver, and channels propagate through the network. You can use many clients but Element is the biggest one. I don't mind monetisation by the way. But it leads to lock-in. And the way Slack does it (with a significant price per user) it's just unaffordable for a community like us.
What I like about Matrix is that it's really open, not just open source like Signal but the network is fully open and federated as well.
And it's very light, you can host it for peanuts 🙂 Even though you don't have to, you can use public servers too. And you can have bridges to many other networks.
PS: I don't view this as a 'fight' 🙂 @Boe Just raising what I believe is the most unencumbered solution. However I will follow if the community decides they will move somewhere else.
*Thread Reply:* love Discord
*Thread Reply:* Just a reminder if anyone wants to experience what Mobile Pros would look like on Discord, here’s the link: https://discord.gg/xvWfMPEjen
*Thread Reply:* If the community were to move I'd look for something open source and self-hosted. Moving from one walled garden to another - which could easily also suffer the same takeover fate, doesn't make much sense to me.
Two considerations when I think about it -
*Thread Reply:* Looking at something like Rocket Chat, which emulates Slack considerably, an import of the public channels will transfer roughly 50k of 113k messages, which means 60k are spread out across DMs and private channels; the private channels could be gotten around by making them public temporarily working with the private channel owners, the DMs would be lost.
*Thread Reply:* I ran a Rocket Chat server for some time internally at my company a couple years ago. We kept hitting the limits in Slack free version so having a self-hosted option with no message or file upload limits seemed logical. It looked nice, very slack-like and the apps were nice. The web interface worked well for folks who didn’t want to install the app. But… I couldn’t get people to use it over Slack - even though we were severely limited on the free version.
*Thread Reply:* Eventually we ponied up for the paid version of Slack and it was retired with very little use.
*Thread Reply:* Can we crowdfund Slack for ourselves? I would pay a couple bucks a month to keep this community going
*Thread Reply:* Totally could. Could also seek sponsorship from industry outfits. Plenty of options!
Oh lordy. Am I the only one to think I feel too old for this UI?
*Thread Reply:* It took me awhile to warm up. But then I started adding more servers into the single app.. and the enjoyment of that led me to accept the UI
*Thread Reply:* Old.. nah! Perhaps having one of the senior moments we’re entitled to.. but don’t go there with that Old talk!
*Thread Reply:* @Jason https://discord.com/
*Thread Reply:* Oh yes, thanks. There’s me looking for it on the macOS App Store. Silly me.
*Thread Reply:* No worries we all have our trained bad habits 😁
*Thread Reply:* I too have the habit of typing before I look… then deleting said typing
*Thread Reply:* lol listen it's not my fault this dinosaur of a program doesn't translate emoji correctly if you don't hit the spacebar after entering it 😛
@Freek van Delft has joined the channel
@Thomas Steinmetz has joined the channel
Thanks for having us!
@Gianmarco Cerruti has joined the channel
@Matt Danon-Kerr has joined the channel
Look at that mini influx! Welcome all 😎
*Thread Reply:* must have been that linkedin post!
Hey hey!!! This is a great idea!
So, what's everyone's preferred MDM and why?
*Thread Reply:* My preferred is SOTI because I deal primarily with rugged Android dedicated device deployments of Zebra & Honeywell.
My least preferred (arguably hated) is Intune/MEM because I deal primarily with Android dedicated device deployments of Zebra & Honeywell 😂
I’m somewhat of an outlier here, but it’s great to have a community with a bunch of different perspectives.
*Thread Reply:* From using the many different vendors over the years I have to say my favourite is Workspace One. The feature set and responsiveness to new technologies has always been impressive. Support has lacked a bit but that's the same with any major vendor. I think it definitely has the best UI I have seen out of any. Again same as Matt my least preferred would be Intune/MEM but I'm using this more and more on a daily basis with my customers who are migrating their infrastructure into the Microsoft Cloud.
*Thread Reply:* WS1 is pretty great for my use case as well, probably my 2nd favorite EMM. Certainly more capable as a corporate wide EMM than SOTI. It’s really unfortunate to see just how many WS1->Intune migrations are happening right now.
*Thread Reply:* @Matthew Jones oh what have you started. Obviously it is Intune, because it is a true UEM and has native integration into all other MSFT products. You can’t get that level of integration anywhere else.
*Thread Reply:* Identity - Azure AD, Defender for Identity, Privileged Identity Manager; EDR - Defender for Endpoints; SIEM - Sentinel; DLP - Azure Information Protection; CASB - MCAS. You can achieve Zero Trust with a single vendor.
*Thread Reply:* ZL, what about ACTUALLY managing devices though? It’s almost like UEM got so far away from EMM that it barely even does MDM now!
*Thread Reply:* MDM/MAM UEM it has everything that the majority of customers need. If you're going through transformation and O365/M365 it would be silly not to use Intune in some capacity or another.
*Thread Reply:* I agree that direct file placement is lacking, but that can be mitigated with app redesign.
*Thread Reply:* I predict that half of MDM will go out of business in next couple years. There are not enough Intune engineers in the consultancy that I work for, they pay £5k referral bonuses for consultant/arch level resources.
*Thread Reply:* I try and lean towards whatever is most suiting to the customer’s needs. My personal preference these days is MobileIron, WS1 and Intune. As @ZL said, many are folding so the best solid you can do for a customer is to get them into a boat that isn’t going to sink.
*Thread Reply:* I don't know as of today probably WS1 but then again I have been around a while. I still am partial to Blackberry. Curious to see what it looks like now. Good was today's Intune. Now that Brad Anderson has left it will be interesting to see if they speed up or slow down on innovation
*Thread Reply:* MDM - prob WS1 although I have a soft spot for MobileIron's UI! UEM - prob MEM as ZL has laid out. When it comes to managing W10 and iOS, Android in a single plane with O365 and Azure integration it's hard to argue against
*Thread Reply:* From a technical perspective (and personal) I prefer MobileIron because of the UI and customer support. I’m not sure what support looks like for them since the acquisition, but prior, it was far superior to WS1. Having worked intensely with WS1 for the past year, and having worked with it many years ago, it’s kind of a train wreck from a bug and support perspective. Also, recently delving into InTune as a result of migrations from WS1, it seems to have a lot of limitations, particularly from an internal Android app perspective. From a customer/client perspective, I agree with Eric, in that there is not a one solution fits all, but if I had to recommend one solution only, it would probably be WS1 because of its features and capabilities. Plus there is the bonus, because it’s buggy, of job security. 🤣 And a second bonus for those working migrations to InTune that they will probably end up migrating back to whatever survived, most likely WS1, MobileIron and ?
*Thread Reply:* To piggyback on this question, if you were deploying a device (think Zebra TC52) which must be locked down to kiosk or single app mode, would you choose MobileIron, WS1 or Soti? The devices, when deployed, cannot be updated or altered in any way for anywhere between 6 months and 6 years and are essentially a data collection device. Additionally, what device would you choose to accomplish this?
*Thread Reply:* Also, good luck not altering them for that time frame. We tried applying that concept from legacy Windows CE management to Zebra Android devices and eventually gave up. Rugged devices will eventually get damaged and repaired and replaced. When that happens they almost always come back with a newer OS version from Zebra which may not be able to be downgraded, especially if they have changed a component like a display or a camera, thereby requiring a new BSP. Android, even in the rugged space, requires a lot more of an active management strategy than a “set it and forget it”/“Golden Image” strategy that we used to be able to employ
*Thread Reply:* SOTI Cloud is at least locked in on a given MobiControl version and will stay on that version until you request an upgrade since it is all single tenant. You can also choose to host it yourself. That way you can at least ensure that changes to the EMM itself aren’t forcing changes to how you manage the device inventory.
*Thread Reply:* WS1 on the other hand is a multi-tenant cloud environment that is regularly updated out of your control. A future upgrade to WS1 could break compatibility with say an Android 8 TC52 if you’re planning on running them for 6 years straight without touching them.
*Thread Reply:* I don’t know enough about Mobile Iron to speak to it.
*Thread Reply:* These would be clinical trials devices, so changes violate regulations. I can already see that the OS updates are going to be an issue. I’m not sure how that is going to be managed or avoided. Mobile devices were never intended to last that long.
*Thread Reply:* Great point about the WS1 multi tenant and auto updates.
*Thread Reply:* Zebra mobile devices ARE intended to last that long actually. They have great maintenance plans, and long term support models from the manufacturer. They will last, but keeping them configured exactly the same will be a challenge over that time frame.
*Thread Reply:* Beyond OS updates there are potentially other OTA updates to system components like WebView that could be coming from Google Play relatively out of your control. This can be problematic if whatever business apps that you’re running are dependent on WebView as that becomes a loose variable.
*Thread Reply:* just to chime in on the WS1 piece, you do have the option of dedicated SaaS as well it just costs more but you are in control of when it gets upgraded etc in that scenario as it's dedicated to just you 🙂
*Thread Reply:* not having your tenant or devices upgraded in 6 years
*Thread Reply:* I don’t think this is technically possible. Unless it’s a Win10 Long-Term Servicing Channel
*Thread Reply:* one of the use cases is medical devices.
*Thread Reply:* I’m not sure we could lock everything down as required with InTune.
*Thread Reply:* I’m trying to figure out, myself, how this would be technically possible and where the lines are drawn, what the limitations are.
*Thread Reply:* This will be an interesting and challenging journey, no doubt!
*Thread Reply:* if it is win10, you have all the CPS available to you, + kiosk + Powershell scripting for anything custom. The form factor would be a limiting factor.
*Thread Reply:* @ZL when you refer to a medical device use case for InTune, is there more information on that?
*Thread Reply:* https://techcommunity.microsoft.com/t5/windows-it-pro-blog/ltsc-what-is-it-and-when-should-it-be-used/ba-p/293181
*Thread Reply:* https://docs.microsoft.com/en-us/windows/iot-core/windows-iot-enterprise
*Thread Reply:* To add to this topic, is anyone familiar with bluebirdcorp.com devices and manageability through a “popular MDM”? Are there other device recommendations for the purposes I’ve described (kiosk/single app mode, everything locked down, no auto or OTA updates, etc.)? Some options under consideration are Bluebird, Zebra and Caterpillar. Thoughts?
*Thread Reply:* Zebra is the #1 OEM for Rugged Android devices in NA with 65% market share and growing.
*Thread Reply:* Honeywell is the 2nd largest player in that space at ~10% of rugged android market
*Thread Reply:* and the smaller players like bluebird, datalogic, and caterpillar make up the rest
*Thread Reply:* Note this doesn’t include Samsung “rugged” as they are not typically comparable data capture devices with features like hot swappable batteries and integrated scanners
*Thread Reply:* No need for rugged, but looking for some of the other manageability features. So, basically need only a data collection device.
*Thread Reply:* Are there limitations, restrictions or disadvantages by using the smaller players if rugged, or other features aren’t needed? Support? Manageability?
@Balaji Ramamurthy has joined the channel
@Martijn Rijerse has joined the channel
@Stefan Spendrup has joined the channel
❓ What EMM providers have you found to actually have reliably good support?
*Thread Reply:* Question inspired by this thread: https://mobilxperts.slack.com/archives/C1V75UE76/p1612898260169000
*Thread Reply:* Perhaps we are all too discerning given that we’re “Mobile Pros” so by the time we call into support we already have exhausted all of our other options and really just need it escalated to engineering.
*Thread Reply:* But I’m curious to hear what others have encountered. I honestly find better support in this community and on forums than through an EMM provider’s support line
*Thread Reply:* I’m going to sound like a broken record, but I say MSFT especially if you pay for premier support which is amazing. If it’s a regular support then you just need to play their game i.e. reboot device, collect logs. If that does not resolve the problem the next step is usually escalation to a product group.
*Thread Reply:* it takes some time but I would get a result every time.
*Thread Reply:* I work at Codeproof. We believe that our software itself is great, but our quick and accurate support makes your experience amazing.
*Thread Reply:* Hi I'm new here, nice to meet you all. We work with IBM Maas360 and struggled mightily with the support for a few years. Like ZL wrote you still need to play the game to log the ticket, otherwise customer account reps cannot escalate. But now we do have the escalation path and can push enhancements to the product. Our license reseller is able to provide training and knowledge transfers for new features so we don't need to rely on IBM for it.
Have no experience with other EMM vendors' support but would imagine the bigger corporations are all about the same.
*Thread Reply:* The MDM software requires handholding in the beginning unlike other enterprise software such as CRM, etc. Android OS/API sets are constantly changing. Like Jaakko said, the large EMM vendors have gaps in the escalation path which makes it hard to get an answer to tech queries in a timely manner. The smaller vendor like us is trying to fill this gap. Also, the smaller vendors do policy customizations/supporting a new policy/API, etc. swiftly.
@Robert Schafer has joined the channel
@Kevin D. Langston has joined the channel
@Randall Cameron has joined the channel
@Nathan Kuykendall has joined the channel
@Massinissa Menas has joined the channel
Hi everyone! Happy to join.
Slightly off-topic, but currently trying to set up Apple’s parental controls on a pair of kids’ iPads. Struggling to make these work properly - anyone made these work consistently (in which case a reset may be required) or also struggled to enforce these limits? (And I appreciate neither of these are substitutes for proper parenting)
*Thread Reply:* What are you trying to do? are you also using iCloud family sharing?
*Thread Reply:* Yup, iCloud family sharing and using screen time controls - but these don’t always seem to work for us.
*Thread Reply:* @Jason We’re using it with 2 parents (iPhones/Macs) and 3 Kids (Macbook Air and an iPad for each). We’ve had good success on those devices, but we really need Screen Time controls in tvOS (kids can leave iPad game, then continue it on TV with no limits)
*Thread Reply:* Ok, so it sounds like a reset may be required to resolve this on one of the iPads then. Thanks @Woody
*Thread Reply:* I’ve found sometimes if they aren’t updated to the latest version of iOS (major versions) they lose contact with the Screen Time “mother ship”
*Thread Reply:* Because I would find one of the kids playing well past their allowed time and the report would show “0 minutes” from a parental report perspective
*Thread Reply:* Aha, this could be it as well. Thanks
@David Higginbotham has joined the channel
Welcome @Patrick MORAL and @David Higginbotham!
Have we been featured somewhere? So many new peeps lately, Welcome Everyone !
*Thread Reply:* Jason posted on LinkedIn, I think yesterday.
@Ronan SAILLARD has joined the channel
Hey I have a xenmobile xml question.. has anyone deployed an app in xen with custom attributes like server, login, file store .. etc
Has anyone actually gotten SSO to work on WS1 without Access??
*Thread Reply:* SSO Extension (New) or SSO Kerberos (Old)?
*Thread Reply:* I believe @Anton I was saying he got the SSO Extension for iOS/iPadOS working. That should have zero dependencies on Access
*Thread Reply:* @Melanie S @Woody is correct, but SSO these days can mean basically anything. What are you trying to achieve? 🙂
@Daniel O’ Riordan-Collin has joined the channel
@Henrik Karlsson has joined the channel
@Jaakko Anttonen has joined the channel
Hello everyone! Do you know if the synchronization of Exchange shared contacts also works on mobile apps (e.g. Outlook, Gmail or Samsung Mail)?
*Thread Reply:* @Gianmarco Cerruti there was a really good thread going on this a week or two ago. Let me find and mention you in it
*Thread Reply:* https://mobilxperts.slack.com/archives/C1U2R408Y/p1612165856012600
*Thread Reply:* Thanks a lot!
*Thread Reply:* Thanks to the linked discussion I found the answer to my particular problem and it seems that indeed it is not possible to synchronize shared contacts https://techcommunity.microsoft.com/t5/office-365/outlook-shared-contacts/m-p/1850579/highlight/true#M31842
*Thread Reply:* Oh interesting. Has the advice changed also on Android? I've got contact export into WP contacts app enabled by default now and hadn't looked into anything else.
*Thread Reply:* The problem was indicated to me on Android, from what I understood EAS does not support the management of shared contacts on mobile in general
This might be of interest: https://cloud.google.com/blog/topics/developers-practitioners/opening-googles-windows-management-tools
@Da costa Rodolphe has joined the channel
Intune is managed in PR China by 21Vianet on Azure physically separated from rest of the world. Do other vendors have similar setups? It appears at least Maas360 does not. https://docs.microsoft.com/en-us/mem/intune/fundamentals/china
Hi everyone - question: is it possible to manage Citrix workspace app config using Intune?
*Thread Reply:* Hello @RobK this one might be best suited for #appconfig. So you need a managed app config XML for the Citrix Workspace app. Yeah?
*Thread Reply:* One spot I always start with is the JAMF repository. Nothing showing there as of right now. https://beta.appconfig.jamfresearch.com/generator
*Thread Reply:* @RobK so from what I can tell, Citrix is using the “Storefront” to procure the managed app configs now for Workspace
*Thread Reply:* https://docs.citrix.com/en-us/citrix-workspace-app-for-ios/get-started.html#storefront
*Thread Reply:* It stinks because when it was Citrix Receiver, they had a generator to kick out the XML file for you. That apparently is now gone
*Thread Reply:* Hi Woody - thanks for your insights!
General question. I set up my Mobile Pros account with my company email. I just accepted an offer with another company, how do I go about changing the email address? Or do I have to create a new account? Help plz. TIA
*Thread Reply:* I believe you should be able to hop into your Slack account that’s associated with Mobile Pros and update to your personal address, etc
*Thread Reply:* https://mobilxperts.slack.com/account/settings
*Thread Reply:* Wish I would have known that back when I changed🤣
*Thread Reply:* I've just changed this just in case 🤣
@Ricardo Martins has joined the channel
@Michael Schiefele has joined the channel
@Ligia Borbileanu has joined the channel
Hi all. Glad to be part of this community :)
Welcome @Daniel O’ Riordan-Collin! Great to have you
@Woody Thanks. I’m glad @Jason Bayton shared it on LinkedIn.
Hi all! I'm an editor for some TechTarget websites that cover mobility management. I'm hoping to join this group to see what common issues are- I will not write about or publish anything people say in this Slack community. If this makes people uncomfortable I will happily leave- all I'm trying to do is learn 🙂
Welcome @John Powers and @Tien Nguyen
Hi All
I don’t know if this is the right place for this request so if not, please let me know. While I work in the space of mobility for a large multinational financial institution I am currently undertaking a masters degree. I am part of a team project which is examining a standardised approach to BYOD programs within the enterprise and would really value your feedback into a survey which we plan to use as the basis of our project.
If you work in the field of Mobile Device Management/Mobile Application Management/BYOD program deployment within your company, I would appreciate if you could spend five minutes filling out the attached survey letting me know about what configurations you would like to see in a proposal
Please reach out if you have any questions.
Thanks Dan
*Thread Reply:* Thank you @Jason Bayton , really appreciate it :)
@Derek Jacobson has joined the channel
Hi! It’s been a while 😊 has anyone deployed Zebra TC52s in their environment? If yes, have you ever updated the OS via an SD card?
*Thread Reply:* 👋 @agentfrootjoozz - I recall @Caryn having recent experience with them
*Thread Reply:* I’m wondering if anyone has ever experienced a reset after updating with an SD card? It’s not supposed to but I’ve been experiencing random full factory resets after an update
*Thread Reply:* Yes, I have and no we did not do any OS updates on them, SD card or otherwise.
*Thread Reply:* For OS updates on other Zebra and Honeywell (through products), there were always reboots, but not factory resets. They were not SD card OS updates.
*Thread Reply:* Sorry - I’m not of much help in this case.
*Thread Reply:* No worries @Caryn I’m wondering if anyone else has experienced it. I updated from 8.1 to 10
*Thread Reply:* We didn’t allow SD cards, so all done through products in WS1. I just did a quick search, but didn’t find anything relevant. I thought I may have recalled reading about a flag to intentionally do that, but not 💯 sure.
*Thread Reply:* Sorry I'm not any help I haven't done anything with zebra devices yet but will be working with them soon enough for an upcoming project. Can you not do an OTA on Zebra devices?
*Thread Reply:* You can do OTA updates with the Zebra. However, the software packages are so large and delivery takes a lot of time from my experience with WS1. More often than not I’ve found failure. So I’ve chosen to do the updates with SD cards in an effort to prevent unnecessary network traffic plus I could update several zebra devices simultaneously in a matter of minutes with the SD cards.
*Thread Reply:* That is the issue we had with some Honeywell devices. The OS 9 update was so large and the network connection weak/not consistent, it failed. They ended up updating the OS using SD cards.
*Thread Reply:* Good to know I'll have to keep it in mind we do all of our other updates via OTA for iOS and Windows devices so I think our network can handle it but def something to test.
*Thread Reply:* iOS updates are not bad OTA. I’d assume your Windows devices are hard wired for network so you won’t experience delays in updates there either. @Caryn @Boe my Zebra account team sent me an updated file for OS 10... thinking there is a bug with what’s available in their portal which was causing the random factory resets 😉 Thank you both for your feedback 😊
Hi, I’m looking for a learning platform that also offers a virtual lab environment so one could do some hands on training. Searching on Google I could find platforms like Practice Lab or CBT Nuggets. Both have pricing models that are not cheap, but I’d be willing to pay that if they bring value. I’d like to know if somebody uses one of these platforms and can share his experience or maybe can point me to alternatives that also get the job done. Thanks
*Thread Reply:* VMware Hands-on labs: https://labs.hol.vmware.com/HOL/catalogs/catalog/1212 As far as I can tell, they are free
*Thread Reply:* Thanks, I know this one from my past employer. This one is only focused on VMware products. Was looking for something more general.
*Thread Reply:* Depends what you want to learn. I don't think you will find one that will have everything.
*Thread Reply:* Was looking towards Microsoft related stuff with Lab environment included. And also looking for CompTIA stuff.
*Thread Reply:* for Microsoft just spin up a tenant and you will have a M365 E5 licensed lab for 90 days. Once run out spin up another one. Free of charge.
Anyone have any first hand (or other) insight into Hexnode or Miradore as UEM?
*Thread Reply:* Have 1st hand experience working with Miradore team. We piloted their Miradore Management Suite which is a legacy on-prem solution to manage Windows devices. So we did not focus on the cloud MDM product but saw a demo instead. They are great people to work with, very supportive and knowledgeable. Warmly recommend.
@Fernando Fabian has joined the channel
hello all, glad to be a part of this community 😉
@Walter Villa has joined the channel
@Maria Fitzpatrick has joined the channel
Does anybody have a good resource for app deployment options? I've a lot of apps to install via MDM on Windows 10 and some have tight documentation (VLC for example) and others do not (Dymo, I'm looking at you!). Any suggestions on how to best work out the install\uninstall options would be appreciated.
Does anyone have any experience with or recommendations for SOTI and/or 42Gears - product, support, etc. This would be to manage Androids in a really locked down kiosk mode, primarily. 42Gears/SureLock seems to be a strong contender, but I haven't had experience with their support. TIA!
*Thread Reply:* SOTI and 42Gears are hands down some of the best options if you are managing Zebra Android devices in a fully managed mode
*Thread Reply:* They specialize in that use case
*Thread Reply:* I wouldn’t recommend them for other things like iOS or Windows management
*Thread Reply:* but for the AEDO Zebra use case they do really well
*Thread Reply:* Not Zebra - probably Bluebird devices, possibly Samsung.
*Thread Reply:* I know SOTI is pretty solid at Samsung as well, don’t know about Bluebird
*Thread Reply:* SOTI, and I believe 42Gears as well, offers native Remote Control which I view as quintessential for supporting mission critical device deployments
*Thread Reply:* It is highly likely it will be primarily Android going forward (still gathering data), potentially some Win10 but not likely.
*Thread Reply:* I am of the mindset of having the right tool for the job rather than having a “single pane of glass”
*Thread Reply:* Not everyone would agree with that stance
*Thread Reply:* Agree with the native remote control. It is critical for us as well.
*Thread Reply:* Products like Intune are the single pane of glass that don’t necessarily excel in any one thing
*Thread Reply:* Products like 42Gears and SOTI are specialized in and have a heritage of rugged device management
*Thread Reply:* So I would absolutely recommend them for that use case, I’m not sure I would say I recommend them for Win10 though
*Thread Reply:* So, not so much looking for rugged device management, but the capabilities that typically come with that, such as kiosk and locking the devices down.
*Thread Reply:* Perhaps they can leverage InTune for Windows management, as you said above. Actually, I like that strategy and I'm ok with managing multiple platforms, having done so previously.
*Thread Reply:* Matt, have you used SureMDM/Lock in production? If so, how would you compare it to SOTI?
*Thread Reply:* Have not used SureMDM in production, have only evaluated it with a trial instance
*Thread Reply:* I was impressed with the feature set compared with SOTI
*Thread Reply:* They seem a little more nimble on the development cycle and have been beating SOTI to market on certain features by about a year
*Thread Reply:* for example LifeGuard OTA support (Zebra’s version of E-FOTA) was in SureMDM over a year ago and it’s only now showing up in SOTI
*Thread Reply:* but the feature set for managing mission critical devices seems very similar
*Thread Reply:* 42Gears was founded by ex-Motorola/Symbol folks so they have a heritage in that use case
*Thread Reply:* It appears that way to me also. I like the focus and feature set for their kiosk mode.
*Thread Reply:* and SOTI used to go toe to toe with Avalanche for managing legacy Windows CE/Mobile devices in those kind of environments and they have applied that heritage to Android management
*Thread Reply:* I did not know that - good information!
*Thread Reply:* ...about the ex Motorola/Symbol connection.
*Thread Reply:* So this is a spinoff of Good Technologies 😆 (j/k)
*Thread Reply:* Funny you should say that, SOTI is based in the Toronto area and you will actually find a lot of ex Blackberry folks there as a result
No action is needed on our part for MobileIron right? https://developer.apple.com/news/?id=uzyxiriy
*Thread Reply:* If you’re running Core 10.7 and below, you’ll need to add a couple of trusted root certs. No action is needed for MI Cloud. https://help.mobileiron.com/s/article-detail-page?Id=kA13n000000PS9RCAW
Any recommendations for device resellers for non-rugged devices with Google services (for zero touch enrollment)? Devices would be distributed globally, so the source does not need to be North America. It just needs to be reliable.
*Thread Reply:* hi Caryn, this can be an extremely difficult task to achieve without going to a manufacturer directly. However from reading your previous posts, these guys might be able to help achieve what you need! Read the case study they did with HMD (Nokia) to distribute devices globally for a clinical trial https://assets.ctfassets.net/d6skzop43my5/6xsgSWzsQWwhf8GMb6IMqi/93a18cdcfe78aba1a46b38336b60b438/B2B_case_study_Vessel_final.pdf
*Thread Reply:* sorry forgot to mention the company! They are called Vessels Connect - https://vesselconnects.com/
*Thread Reply:* Awesome! Thanks very much @Ajay Patel!
In case anyone uses Squirrels Reflector to capture Apple/Android screen shots/movies, they’ve got a 30% off code for the new Version 4. RF3TEmailUpgrade https://www.airsquirrels.com/reflector
*Thread Reply:* Samsungs on Android 11 no longer work with Reflector
*Thread Reply:* I use a cable and an external video capturer and it works fine, as long as the device has video out on USB
*Thread Reply:* @Raul Lame! It does appear that they have a workaround to re-enable the Cast tile https://help.reflectorapp.com/support/solutions/articles/11000101532-why-can-t-i-mirror-with-smart-view-on-android-11-
*Thread Reply:* Worked like a charm on my Note 10+ on 11
*Thread Reply:* Good to know as well! I was going to be a little bummed/feeling misled if I had upgraded and Android 11 wasn’t feasible
*Thread Reply:* I love reflector. It’s excellent for Zoom demos.
*Thread Reply:* @aaron I was just using it to Cast an Android ZTE build I’m working on. Agree, it really does enhance the level of presentation
Question, but for Mac management what do you think is the best solution? JAMF? Thanks, everyone 😉
*Thread Reply:* Jamf is a go-to solution for Mac devices. It depends on what you are trying to achieve and how big your estate is.
*Thread Reply:* My company is bidding to manage a fleet of about 2500 MacBooks. I know they previously used Windows PCs and SCCM for management. I won't be the one deciding on the new solution but I wanted to understand what the best ones on the market are. Thanks
*Thread Reply:* Jamf is recognised as a leader, but you can manage devices with WS1 or Intune; it all depends on your requirements.
*Thread Reply:* Yep, I'll investigate...tnx
*Thread Reply:* If they are only managing 2500, there are some midrange solutions that are pretty impressive. One you may want to look at that is Apple specific is https://www.kandji.io/?utmsource=adwords&utmterm=kandji&utmcampaign=Brand-US-CA&utmmedium=ppc&hsatgt=kwd-618499492764&hsasrc=g&hsanet=adwords&hsacam=1654855395&hsakw=kandji&hsaad=449303689104&hsaver=3&hsaacc=1685973693&hsamt=e&hsagrp=63130169426&gclid=EAIaIQobChMIq46sqOva7wIVgfGzCh2HUAlVEAAYASAAEgIlnfD_BwE|Kandji. There is always Gartner to at least get a general idea of who the players are (from their perspective).
*Thread Reply:* I can’t believe I fell for it 🤦
*Thread Reply:* Haha love it. I got a few folks in some big organisations 😁
*Thread Reply:* It was a beautiful job, very believable ;)
Life slowing down any for my fellow Mobile Maniacs? a year later work is returning to normal levels again for me. Still remote though. Just curious.
*Thread Reply:* Still relatively manic for me currently. Possibly even continuing on an upward trend now orgs have sampled alternative working and look to enable it longer term.
*Thread Reply:* We grew 10k devices active over the past year. So I guess I am busier, but the surge is over for me.
*Thread Reply:* calm before the storm here... big projects kicking off in the coming weeks.
*Thread Reply:* Maintaining a steady pace. Spring Break was a nice pause, but have lots in progress and the pipeline is well stocked.
*Thread Reply:* No shortage of work here, just more controlled chaos.
*Thread Reply:* Wait I'm confused running around like a maniac during work hours isn't the norm. Damn it I knew I was doing it wrong all this time 😄
*Thread Reply:* Well, I’m not saying I’m short on work, I’m just back down to the normal levels of Mania I experienced b4 the pandemic 😉
*Thread Reply:* No shortage here, it's still all hands on deck, just remote
*Thread Reply:* Enough work, that we're hiring an FTE.
*Thread Reply:* 8-10 meetings per day!! Busier than ever. Need to get better at managing the remote working habits of my co-workers, as it's currently a meeting tsunami
*Thread Reply:* I hear you @Paul Conaty So many meetings I can't actually get work done.
*Thread Reply:* Meetingageddon.... the pandemic is not an excuse for excessive meetings! How does work get done if there are continual meetings? 🤔
Howdy! I’m trying to take the AE training and certifications and I’m only able to find access to it through Google partners using g-suite or a Corp email account. Is this not available to individuals anymore?
*Thread Reply:* Hey brother... long time, no holla! I have not found another way. If you want, I can spin you up an account in my Partner account so you can do it.
*Thread Reply:* What up!!! It’s been a while! Are you busy?
*Thread Reply:* AE training can be accessed through any non @gmail.com/hotmail.com/etc address. So if you have a Google account under a personal domain as I do, it should let you in as it does me :)
*Thread Reply:* Yeah, it didn’t work for me. I had to buy into g-suite.
Hi, all newly joined folks! Welcome to the madhouse.
Not quite sure where to post this, but what popular "SIM solution" is being used for organizations that have deployed devices in many countries globally, including Brazil, Turkey, Africa, etc.? Single SIM / eSIM with MetTel, T-Mo, Teal, Uros, Webbing, etc.
We are looking for a single vendor solution and I would be interested in other's input who have had experience with this already.
*Thread Reply:* I have something to offer, I'll reach out to you in DM.
*Thread Reply:* If someone is interested in these kinds of solutions, let me know, I can help.
...for those same devices in more obscure countries with lesser used languages, how is the native language being added to them, like Cyrillic Serbian or some of the native African languages?
Our UAT teams are using the MoreLocale 2 app with ADB, but that isn't an option for production devices and I feel like there must be a better way!
@Gary Bohnenstiehl has joined the channel
Good afternoon! Thanks for the invite to the channel! 😀
If anyone has Krishna’s email, please invite him also!
Exactly. I’ll invite him. He was just over yesterday 😀
@Christian Breier has joined the channel
@shahrose khalid has joined the channel
*Thread Reply:* I fully agree. Even Microsoft has recently moved away from this advice.
*Thread Reply:* Every 30 days 😑. More Annoying? Yes. More Secure? No
*Thread Reply:* Hey @shahrose khalid. Did we use to work together when you were an admin for a previous federal org? This would be a fantastic enhancement suggestion. For any customer enhancement suggestions we have the Request for Enhancement process that is utilized to collect feedback such as this. You can find a link to a blog post outlining how to submit an RFE here: https://community.ibm.com/community/user/security/blogs/ciaran-darcy/2019/03/14/how-to-submit-maas360-rfe-request-for-enhancement I highly encourage your customer to submit this RFE so that our product team can review and track suggestions such as this one.
*Thread Reply:* Also for clarification, the current portal admin password expiration period is 90 days, not 30 days.
*Thread Reply:* @Vlad YES! lol nice to hear from you again man. Hope all is well on your end. I will go ahead and ask my client to submit this request. Thank you
*Thread Reply:* This is one of the reasons why we always try to avoid using local identities when signing into MaaS. Federating with an IdP or AD directly resolves a lot of these issues. However, I understand that doesn't always work for a lot of people
Howdy! I’ve been trying to complete the AE Expert cert and oh man, the barrier of entry to get there is rough! So I had to set up g-suite using a domain I own, then to get Zero Touch, I convinced CDW to sell me a pixel 4a and create the portal for me without a taxID. Now I’m trying to buy the pixel 5 in green and it appears to only be available through consumer channels. I’ve reached out to the Google store to see if they can add it to my ZT portal if I buy it through them and they have no idea what I’m talking about. I also have an old Samsung S8, given to me by Samsung as a marketing thing. I want to put this thing in the portal but Samsung doesn’t have that ability. Is there any way for us to apply devices to ZT if the seller is unable to? I tried asking the Google Store if they would register for the Android Enterprise partner program, but that seems kinda dumb.
*Thread Reply:* For Samsung you would need Knox Mobile Enrollment instead of Zero Touch afaik.
*Thread Reply:* Agreeing with Julio. Samsung Knox Enroll is free of charge and you can sign up for it yourself. Devices should be assigned by your supplier or you can use the Samsung Knox Deployment app (Android app) to push devices into your portal.
*Thread Reply:* The S8 is eligible for ZT and doesn’t require KME. Also, I can’t get KME without a taxID. I do like the bump option to push Samsung devices into KME. I guess I wish ZT had something similar.
*Thread Reply:* Also, I’m doing all of this to get past the third part of the AE certifications which Knox is not really a part of. Ultimately, when the pixel 6 comes out, as a prosumer, I’d like to get the color option I want and apply it to my ZT portal. All of the approved AE resellers only sell one generic model of the pixel 5. I’m trying to see if there’s a consumer channel that can still get me the device I want and still apply it to ZT. My current mobile provider can’t do anything for me without a taxID and don’t want carrier Android on anything I own.
*Thread Reply:* Interesting! I was able to get Knox without a taxID! Not really what I was after but good to know!
*Thread Reply:* I did look at ZT but the suppliers we talked to had a min order of 10 devices before setting us up which I could not justify for R&D
*Thread Reply:* I have the ZT portal already, CDW was able to set that up for me. It took about two weeks and I have to have G-Suite and a business name. T-Mobile would do it if I had a taxID but their Android selection is awful and I refuse to use carrier Android anymore.
Hello! Quick question. Is anyone having issues wiping Android devices from MaaS360 after they have upgraded to Android 11? I have a client who stated that the action status is pending until the user logs into that particular device. He tested this action on a device that is not on Android 11 and the device immediately wipes. Please lmk your thoughts. Thanks 🙂
*Thread Reply:* @shahrose khalid there is a #maas360 channel where you can ask questions like these too just as a heads up
*Thread Reply:* How was the device enrolled? When you say the user has to log into the device are you talking about signing in to the MaaS360 app or are you referring to unlocking the device?
@Allen Salazar has joined the channel
@John Olve Andersen has joined the channel
@Michel Pauzner has joined the channel
@Roberth Diorges has joined the channel
*Thread Reply:* What EMM are you using? Maybe you have device enrollment restrictions in place that are blocking that enrollment. Or your user reached the device limit?
*Thread Reply:* Got it, I’m using Navita EMM. I’m a developer and generated a new management profile because the old one had expired. I followed this article to make the whole process. But in step 12 I couldn’t sign because I had an error. Soon after, when performing some tests, this error in the image above was returned
*Thread Reply:* https://developerinsider.co/how-to-create-a-verified-ios-mobile-device-management-mdm-profile/
*Thread Reply:* do you have a valid APNS certificate ?
*Thread Reply:* Is there a duplicate entry for the device in the MDM? I received this several times with MI Cloud when there was a stale/orphaned account for the device that was trying to be enrolled.
Hi everyone thanks for the invite to the channel 🙂
*Thread Reply:* Thanks @Ivo Kazimirs and @Woody 👍
*Thread Reply:* Hm, I can tell you that after I saw all the matches of the first round, especially France vs. Germany😅
*Thread Reply:* Yup, I’m looking forward to that one, but still - any predictions at this early stage?
*Thread Reply:* It should prove to be an interesting tournament, that’s for sure!
*Thread Reply:* I’m really not sure - France look strong, as do Netherlands (and even Belgium). England would be my preference, but still seem to lack confidence in the last third of the pitch for me. Germany and Spain don’t look as sharp as they have been in the past, but may still surprise. Italy I haven’t followed that closely…
*Thread Reply:* I would see it in the same way. Italy could be a surprise tho..
@Mohamed Ali has joined the channel
Box for EMM: Anyone have intermittent issues where the managed app is installed, but the config doesn’t apply and/or is incorrect? Ends up displaying a “App Not Authorized”. I don’t have direct access to the WS1 MDM console for this one, so trying to provide assistance from afar.
*Thread Reply:* Does a delete of the app and reinstall solve the issue?
*Thread Reply:* @DirkC unfortunately, it does not
*Thread Reply:* I’ve got the team checking the troubleshooting/logs from the WS1 UEM console. It’s got to be failing when it’s trying to generate the managed config PLIST etc.
*Thread Reply:* I don’t believe the DEP policy allows for backup/restore… which is the only other item that Box support has thrown out.
*Thread Reply:* A customer of mine is facing something similar/same (On-Prem install of WS1). I couldn't fix it. VMware Support is still looking at it, but couldn't find anything incorrectly configured. The customer also has a test setup and there it works without issues...
*Thread Reply:* Only iOS devices have this problem. They also have Android devices, and there the Boxer app configs are being set.
*Thread Reply:* I had almost 0 issues with Boxer config until this morning for one of our customers. I couldn't find what was going on. iOS devices, 2005 On-Premises.
*Thread Reply:* customer's environment is at version 2102 in production (doesn't work) and 2008 in test environment (works).
*Thread Reply:* @Sidney @Steven Are you guys talking about Boxer or Box (file storage)? My issue is with the latter. Box for EMM. Box’s client specifically for deployment with an MDM.
*Thread Reply:* I was talking about Boxer App Config, but the issue is maybe with all iOS apps
*Thread Reply:* I was talking about Boxer too ! I now see this post was about Box and not Boxer 👀
https://www.theverge.com/2021/6/30/22556992/slack-huddles-audio-calls-feature-launch-discord-like
Oh oh oh.
@Michael Dornstreich has joined the channel
https://www.theverge.com/2021/6/30/22557390/google-apk-app-bundles-package-format-play-store
hi all, I'm back, needed to change my MobileIron Ivanti Account to my private one as I'm no longer working there 😉
Welcome back, @Matthias Eberle!
Is anyone using a proxy in the cloud for your devices (Such as ZScaler/etc). Any noteworthy experiences or alternatives you would suggest?
*Thread Reply:* Nice. Deployed to supervised devices as a proxy config and done?
*Thread Reply:* Yep. Along with a certificate payload for authentication.
*Thread Reply:* Worked well for the home schooling
*Thread Reply:* Awesome. So it’s not an open proxy, gotta have the cert for auth. Is it a single cert or is one dynamically issued for each device?
*Thread Reply:* We do a single config. But it probably could be dynamic.
*Thread Reply:* Single is fine. keeping it simple.
*Thread Reply:* Can’t see why you’d want to hack in and get proxied on purpose lol.
*Thread Reply:* Customer is talking about trying to configure OpenDNS on each device and content filter that way. Please, God no!
*Thread Reply:* Or he’s hourly and looking to clean up 🤑
@Michael Kokesh has joined the channel
@Luis Villar Romero has joined the channel
Hey @Luis Villar Romero welcome to the mad house !
Welcome @Luis Villar Romero!
@Bill Fitzgerald has joined the channel
@Alberto Alvarez has joined the channel
@Philipp Heffner has joined the channel
@John Brosius has joined the channel
@Joel Prefontaine has joined the channel
What’s your favorite SaaS document management system/repository?
*Thread Reply:* Dropbox Business - users love it, it’s a damn good collaboration solution (more than just a drive in the cloud) and yes, before you ask, we also believe it is a great way of dealing with the security challenges corporates worry about with Dropbox’s consumer product. Using Dropbox to address the Dropbox problem, if you will.
Hi, I’m hoping someone might be able to assist me with a couple of issues I’m running into on fully managed zebra tc-52 on Workspace One. We are trying to setup our BeyondTrust jump client on them for remote support. The first issue is I can push the app with configuration. But can’t figure out how to get it to start on the device with out manually running it. The second issue is that when we do run it and it communicates with the appliance it’s coming in with the name TC-52 instead of something unique to the device that we can identify it with. Anyone with experience on this would be appreciated. Thanks
@Mike you might have a better chance asking this in the #workspace_one channel instead.
For those interested: https://mobile-jon.com/2021/09/20/boxer-vs-outlook-for-ios-2021-face-off/
So I’ve got to ask, is everyone overwhelmingly busy or have you moved to other forums/channels/etc? Feels like we’ve lost a lot of folks and/or it’s quieted down in the past couple of months.
*Thread Reply:* Me. I’ve been busy as always. Too many devices. Not enough people. Running 35k devices and 2 engineers/architects.
*Thread Reply:* Something here similar too… I don’t think anything new has come up, like this… Everyone is just busy…
*Thread Reply:* Was asking myself the same thing @Woody
*Thread Reply:* I'm spreading myself a little thin also at the mo..
*Thread Reply:* WFH - MeetinGeddon. not enough time in the day to actually do stuff
Hey all, don't put in those kinds of complex policies! https://twitter.com/humansnocontext/status/1439835329725452291?s=21
*Thread Reply:* I'm 💯 confident if my security team could get away with us requiring that they would 😂
*Thread Reply:* I’m pretty sure this is not a human 🤣. This is probably Tesla bot pinging back home to Elon.
https://mobile-jon.com/2021/09/27/mobile-jons-6-moments-of-excitement-for-ios-15/
LetterKenny teaches me a lot about how to handle corporate IT interactions especially “not my cow not my farm”
While I do like the enhancements to Notes, I feel it would be nearly impossible to part with Evernote at this point. I’ve got so many things set the way I like them that it would be painful to try and switch. Plus I like a solution that is vendor agnostic.
Really wish they would get on board with “Turn off Work” like you can do on Android with the Work Profile.
Apple APIs are forever an uphill battle
@Ben Hamlin has joined the channel
@Taryl OUENNOUGHI has joined the channel
@Graham Hathway has joined the channel
anyone else seeing that their access to this channel is now a Free Trial and expires in 6 days
@Justin Butts Yeah, it was an “upgrade” they gave us to Slack Pro. We’ll fall back down to where we were after it expires.
oooh okay thought I was getting das boot
Not sure who owns the Mobile Pros slack channel, but the free trial ends in 2 days
*Thread Reply:* I think that would be @Jason Bayton
*Thread Reply:* Will this just go dark when that day comes? Should we maybe transition to more of a forum model in the future?
*Thread Reply:* nah Slack bumped us up for no reason, and when it expires it'll go back to the free plan
*Thread Reply:* Ahh, so we’ll just be at the 10K message limit again and can carry on that way
*Thread Reply:* Not sure why they bother sending notifications to users on stuff like that…
*Thread Reply:* so you will be scared into paying money?
*Thread Reply:* Haha. Notification dismissed… conscience clear
@Tim Szczepaniak has joined the channel
Out of curiosity, has anyone integrated with Okta’s FastPass?
@Jennifer Staresina has joined the channel
Kinda odd that Slack is now limiting the amount of messages we can see, if we don’t have the “pro plan” they heavily promote.
*Thread Reply:* I know, but until a few weeks ago you could browse back as far as you wanted. I saw the notifications about the pro plan and stuff, but didn’t think they would limit the history that we would have access to. Thought they’d add extra stuff that would be paid for, but didn’t expect this, even though we are on a free plan.
*Thread Reply:* @Jay they temporarily bumped us up to a Pro plan and then dialed it back after the free trial expired.
*Thread Reply:* Yeah, we've always been on the Free plan and Slack just decided to bump us. Should have taken the opportunity to do a full export and move to rocket.chat or something tbh 😛
Quick question for everyone. We're having some issues here in our environment with Exchange on-prem: it's not updating mail on the Outlook app or the iPhone native email app. But it will after a few hours or so. Any ideas as to why?
@Brian Guessing you guys are using EAS? I'd start by checking those servers since they are most likely the direct link between your devices and their Exchange Mailboxes.
In case we have any Okta users here... https://status.okta.com/?_ga=2.38960035.1235140618.1639583560-1677835067.1637641968
@Richard Edwards has joined the channel
Has anyone ever tried this? My wife would be happy if that works out :) https://apps.apple.com/en/app/silent-night-anti-snoring/id1597428185
*Thread Reply:* That's awesome! I actually laughed at another app that did something similar (promoted on FB). Gonna see if I can find the link. Though I'm sure some ppl would be worried about the mic being on all the time.
*Thread Reply:* So I have this app in use. My wife doesn't let me sleep without a watch and this app anymore. The watch has no radio connection overnight, so I believe the manufacturer that no data flows outside here.
*Thread Reply:* @iMZ this is the one I kept getting ads for https://fb.watch/arzqG8MT-s/
*Thread Reply:* Okay, this app is just recording ... the other one actively prevents me from snoring
*Thread Reply:* I was laughing about the 💨 monitoring 😆
*Thread Reply:* Sadly I use Slack more for DMs these days... don't have as much time to watch channels and hop into threads
We got another free bump to pro by slack so if anyone notices changes, that'll be it!
Yo curious what everyone is using for enterprise mobile VPN apps. Anything just absolutely awesome I should know about?
Zscaler is pretty responsive as a product. As Ivanti MobileIron partners we use their Sentry per-app VPN when the need arises. What's the scope you are looking at?
nothing crazy, per-app-vpn usage, just need something agnostic so we aren't stuck with an MDM vendor's VPN product
which we are currently stuck with Tunnel from MI
Cisco AnyConnect and F5 are common across our customers as generic (non-MDM) VPN solutions. Most MDMs have pretty good support for those too.
*Thread Reply:* Thanks man! We were using AnyConnect and running into some weird issues (in MI Core) which I think were actually related to MI Core rather than the AnyConnect app itself. I'll have to take a look at F5's solution.
@Justin Butts anybody but Cisco. Hate AnyConnect and the ASA lineup. So many problems vs any EMM proprietary tunnel or any competing VPN solution at every commercial company and govt. org I've worked for.
And I'd rather call your grandmother for Cisco tech support than TAC.
Welcome @Lewis!
Right @Peuge? Sitting at 1567. That's astounding.
*Thread Reply:* Passing fad, just like that Internet thing.
*Thread Reply:* I start to worry about commoditization
*Thread Reply:* More and more random and generic Android manufacturer entrants. Unification of management practices via Android Enterprise and concepts like OEMConfig. EMMs are becoming increasingly the same. Enterprises are starting to finally figure things out. It’s hard to continue to provide differentiating value in that kind of environment.
*Thread Reply:* The value comes from the partner implementing them; when the tech is pretty similar, the gaps in service/proposal become way more obvious.. be amazing™
*Thread Reply:* https://c.tenor.com/AgFcSGVtji8AAAAM/foo-fighters-hair-flip.gif
Hello Hello. Saw somewhere that there's some WorkspaceOne users here.
@Woody Yep, just figured out how to do that. First time using slack as well so took me a moment.
Slightly off topic. Any suggestions on the latest digital business card solutions?
*Thread Reply:* I'm a fan of both the NFC embedded ones, and designs that incorporate a QR code for easy importing
*Thread Reply:* I had a meeting with a Ukrainian startup for the solution which uses NFC as well as QR. Heard from a friend that NFC will have issues on iPhones. How true is it?
*Thread Reply:* I use a nfc card with iPhone regularly. Mine is from Linq. Linqapp.com. They also have an AR card linked with the nfc card. It is very nice.
@Stephan Giese has joined the channel
... and just like that, we're basic again 😆 (Slack basic)
Howdy! Have there been any new developments with managing Androids in China? I saw Jason's comment on support.Google saying either full EMM, like WS1, or MAM with Intune. Is this still the case, anything new?
*Thread Reply:* I haven't seen anything new recently I'm afraid. Intune's AOSP management is coming along, which might be worth a look for you. Some other EMMs are upping their AOSP management as well, leaning on AE APIs locally on-device with a custom DPC rather than relying on Goog's infra.
*Thread Reply:* Thanks, Jason! I had no idea Intune was working on AOSP! From what I understand, Azure in China isn't owned by Microsoft, does this cause many issues that you're aware of? I just learned WS1’s registered mode is custom DPC. It kinda sounds like it's the best path. We're trying to build the least invasive BYOD solution while still delivering a lot more than what a MAM does.
*Thread Reply:* We're also looking at Okta’s basic mdm but it looks like it's about to be deprecated.
*Thread Reply:* Okta won't get involved with MDM; what they do have is FastPass, which is basically registered devices for SSO. Basically it's device trust but initiated by you as the owner.
@David Baverstock has joined the channel
Any recommendations for good RSS-feeds that covers mobile management? MobileIron/WorkspaceONE/MEM etc.
*Thread Reply:* RSS feeds? no. But you could follow the individual company blogs, follow each of them on LinkedIn, follow big names like @Jason Bayton on twitter and LinkedIn
Hey everyone, I've got a follow-up question to the China Android stuff. What's the easiest way to get a current AOSP device for testing if you're not in China? I don't think 12 has been released there yet, guessing sometime soon though and I'd want to have a device that could upgrade to it. Are they being sold outside of China? I can't confirm with the Amazon seller what OS it has; do I gamble on Amazon then try to flash it to AOSP?
*Thread Reply:* I've tried using a razpi 4b with 12, lineage-19.0. Which supports GMS but doesn't come installed, so when I try hub enrollment for registered device mode, it tries to install Play services. Oh well, worth a shot.
*Thread Reply:* @Andrew Adams you'll need to configure WS1 for AOSP/closed network then do the enrolment
*Thread Reply:* If you used AOSP closed network enrollment and then disabled all of the GMS services on the device via blacklist it would effectively be in AOSP mode. If you are targeting Fully Managed you’d also have to utilize an OEM-provided mechanism for DO enrollment since you wouldn't be able to use any of the SUW-based methods for DO on an AOSP device.
*Thread Reply:* For example, on Zebra AOSP devices we can enroll them DO via the StageNow tool that Zebra provides, as it is able to install and set a DPC as DO. Honeywell has something similar to StageNow called Enterprise Provisioner that can do the same without going through the standard methods (e.g. QR, NFC, DPC identifier, ZTE)
*Thread Reply:* SOTI MobiControl also offers “offline” management, and recently even added the ability to distribute OEMConfig and other managed configurations directly to devices without requiring distribution through the Play server infrastructure
*Thread Reply:* Thanks for the info guys! I had to modify Management Mode to not require MDM managed. I'm guessing this is Registered Mode? Is it just a glorified app catalog with no security enforcement? I can't push managed apps or tunnel them. I wish I was using a Zebra like platform and not trying to solve for the 400+ different models of Android used in China. I can also flash those easy enough with ADB if I can convince a Zebra employee to let me to download those OS files!
@Jonny Welander has joined the channel
@Sanjay Soebedar has joined the channel
Hello! I had a question regarding Workspace One apps for Windows devices. Hopefully this is straightforward. Is it possible to take unmanaged applications and put them in a managed state if the apps are already deployed across all Windows machines, or do we need to remove those apps and re-deploy them in a managed state? I
*Thread Reply:* Try your question in #workspace_one :)
@Christian Andrésen has joined the channel
Interesting question that is more "political" than technical. Has anyone ever known profiles (any platform) to be legally considered IP (intellectual property)? For example, for those of you that are migrating a customer from one platform to another, has there ever been any question about not being able to migrate profiles because they are IP of one platform or company? How about Admin passwords?
*Thread Reply:* No, I can't say I've come across anything of the sort.
No one can claim passwords as IP, lol.
The only edge-case I could imagine some difficulty on would be proprietary stuff, but even then you're exporting config preferences, not intellectual property.
*Thread Reply:* Thanks very much for confirming Jason!
@Richard Wijngaard has joined the channel
@Håkon Ingebrigtsen has joined the channel
@Kenneth B. Jørgensen has joined the channel
@Jan-Kristian Arntzen has joined the channel
@Tommy Gustafsson has joined the channel
@Kristianne Nordslaa has joined the channel
@Daniel Skaaning has joined the channel
@Niko Wallentin has joined the channel
@Siddharth Sharma has joined the channel
Hi all, does anybody know how to configure MS-Edge on an Android dedicated device that is set up in Single-Kiosk mode by Intune? If it’s even possible.
*Thread Reply:* @Daniel Skaaning you will want to ask this in #microsoft_endpointmanager
Here's a long shot, has anyone seen a case for the samsung galaxy line that includes stylus storage? (Not for the Note/Ultra models). Think S22/S22+. Thanks!
@Pierre Hellman has joined the channel
@Alexander Ramen has joined the channel
@Otto Andersson has joined the channel
Anyone aware of availability of a "non Samsung" 12" Android tablet with LTE available in the US? 12" display is a hard requirement. A "commercial", highly customizable tablet would be ideal.
*Thread Reply:* Not really. Maybe ELO?
If you've a need for a few thousand (MOQ for manufacturing..) I can build you one.
*Thread Reply:* Zebra has some LTE options but they max out at 10" I believe
*Thread Reply:* @Matt Dermody Zebra is not cost effective, but appreciate your input for sure!
*Thread Reply:* Thanks Justin! We were looking at this tablet and told, by Lenovo, we could not get it in the US with LTE.
Any Okta customers here? https://www.theverge.com/2022/3/22/22990637/okta-breach-single-sign-on-lapsus-hacker-group
*Thread Reply:* Perhaps the question should be.. who isn't an Okta customer? Mixed messaging coming out from Lapsu$ and Okta on this one.
*Thread Reply:* https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
*Thread Reply:* and https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
(Zoom calls - announcements with CSO starting in a moment -- see article for details, couple sessions)
*Thread Reply:* As a former Okta employee, I hated to post that but it's kind of a big deal. Let's be honest though, MSFT and others have/will encounter these types of things at some point. No one is impenetrable these days.
*Thread Reply:* Sure 🙂 OKTA consultant here (among others), OKTA customer, WS1 customer. It now looks that platform is not broken, but endpoint having access to platform was compromised and remote accessed, with authenticated session "to-platform" being open -- so end of the day, platform was accessed by unknown/hostile operator to some content.
*Thread Reply:* MSFT side incidents start to be so common (gut feeling) that most are like.. source code, code signing certs stolen.. meh.
Behind the scenes of course, it's huge deal - regarding trust to your vendor.
*Thread Reply:* Referring to: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ • open communication, transparency and of course mitigations, post-mortems.. more open you can be the better.
*Thread Reply:* @Ville Raassina and @Woody I fully agree no one is impenetrable but concern of course is "have any customers" been breached through this. The Lapsu$ group seem to be a strange org with rumours of them being out of South America and rookies but then we see Okta, MSFT, Nvidia and before that local media orgs and telcos... seems a big leap?
*Thread Reply:* Agree, they've come a long way in a short amount of time.
*Thread Reply:* There's no evidence to suggest nation state involvement but it's a hell of a leap in targets!
*Thread Reply:* Their method of openly "recruiting" employees/contractors that work with big tech companies seems to be their way of how they have been successful. Probably has a lot of companies re-looking at their least privilege approach.
*Thread Reply:* Oh yes the insider threat has never been greater!
Hi all, does anyone know why Intune Company portal asks for password even if the mobile device is already enrolled and ready to use? In this case it's a Samsung
*Thread Reply:* I get the same on my estate, looks to be part of a regular authentication token expiry as we'd see with other MS apps. Since it's not the DPC on the device but more of a companion app it hasn't caused much fuss to date
@Krister Jensen has joined the channel
Welcome @Peter, @Kristin, @Chris Bensing and @Krister Jensen 👋
@Gregory Eckinger has joined the channel
@Benedikt Haller has joined the channel
I know this is all about mobile. But if anyone is looking to change things up. Here is a JD of a position open on my team. It's in Adtech. More of a solution architect role. https://jobs.jobvite.com/siriusxm/job/ogwsjfwh talk to me if it seems interesting
@Eric Sumners has joined the channel
@Aulani Kahalewai has joined the channel
@Kasperi Kauhanen has joined the channel
After a few years of doing Mobility as just a "part" of my job, I have now landed a full-time Mobility role and I'm pretty excited!
Let us know if there’s anything we can help with along the way
@Cristino Junior has joined the channel
Howdy, anyone done any work on Trend Micro MDM or have good knowledge on how it compares to WS1 or Intune? Finding it hard to get any real solution docs from their website or general internet searches.
*Thread Reply:* Finding comparison is really difficult over the internet. I am trying to write the blog on it.. hopefully it will get published soon
*Thread Reply:* Have got a trial subscription but does not seem to have any of the MDM features. Are these only in Trend Micro On-prem?
Hey all, so I am dropping this out there to see if anybody has a recommendation for a single platform that can TRULY manage and secure Linux laptops (most important), Android devices, push managed configurations and applications (particularly to Linux) and is a cloud-based SaaS offering. The traditional paths of UEM are not cutting it and trying to find out if there is truly a platform that could/would manage all various OS, especially Linux. Have gone through all the usual mainstream UEM platforms and some newcomers in the market space. Love any and all feedback on this. Thank you in advance folks and hope you are enjoying your summer!
*Thread Reply:* I am biased towards SOTI MobiControl, and only can really speak to the top notch Android (specifically dedicated devices / fully Managed) support
*Thread Reply:* But I do know they also offer some Linux device management that could be worth exploring
*Thread Reply:* https://soti.net/solutions/linux-management/
*Thread Reply:* They have a Cloud-based SaaS offering and offer 30 day trial cloud environments to test things out
*Thread Reply:* https://soti.net/products/soti-one-platform/soti-one-platform-free-trial/
*Thread Reply:* Thank you for your suggestion and insight. I am very familiar with Soti and will inquire around their Linux support capabilities. Greatly appreciate your feedback!
*Thread Reply:* Hey there, you could use VMware WS1 SaaS as an alternative.
@Saranraj Munusamy has joined the channel
mobile device passcode enforcement: anyone here enforcing Alpha-Numeric? If so, what's user feedback like (assuming miserable) and what industry?
*Thread Reply:* We do enforce 6-digit alphanumeric, but allow biometrics. User feedback is "huh, that's annoying", but no real complaints (could also be because it's a case of "it's always been like this")
*Thread Reply:* Currently the user of a 12-character alphanumeric w. biometrics. The only time it sucks is on reboots and if the timeout expires and you have to re-enter the password. Makes it worse if you have to frequently change (like every 60 days).
*Thread Reply:* @Cedric Lüke what industry is that if you don't mind?
*Thread Reply:* Complex Numeric only with biometrics! Too much of a headache otherwise…
*Thread Reply:* We are in pharmaceuticals
*Thread Reply:* Semi related and perhaps someone still needs a reminder, even for AD accounts the password policy recommendation by Microsoft is “Don’t require mandatory periodic password resets for user accounts” - src: https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations
*Thread Reply:* I don’t mandate or recommend alphanumeric, because I don’t hate the people I work with 😄
Happy Thursday all! How’re things for you?
My CEO just suggested I can’t request logs from customers with Android issues any more, and everything should “just work”, so I’m having a great day.
@Terrell Jackson has joined the channel
@Leandro Nomid EMM has joined the channel
@Ricardo Simiao has joined the channel
After a long hiatus, I’m back here with the group again. Hello to old and new people!
Hi folks, does anyone know if this mobility training/certification is still going? The site seems dead as last updates are from 2019… https://cmdsp.org
*Thread Reply:* It clearly died when I left the board in 2019 😂
*Thread Reply:* Oh nothing special. I was on the board while at CWSI, left the company and the board at the same time.
*Thread Reply:* I still think it's a valuable cert and more like this should be had in our industry. Maybe we should sort a mobile Pros one 😜
*Thread Reply:* I’d be up for contributing to something like that for sure!
@Katja Hakoneva has joined the channel
Does anyone use telegram here? Recent updates make for a viable competitor to how we use slack from what I can see
*Thread Reply:* I guess maybe better asked if people don't use it :)
*Thread Reply:* I don’t but would be willing to check it out
*Thread Reply:* Yep I use it - good initiative
*Thread Reply:* I’ve seen several mentions of it alongside Discord. Figured it was an up and coming contender.
*Thread Reply:* The primary reason we’d ever switch off of slack would be the loss of premium features here (e.g. message history) right?
*Thread Reply:* Do we know if we’d actually be insulated from that on Telegram, or are some of their features behind a paywall as well?
*Thread Reply:* I think telegram is not limited... I have been using it for a while now...
*Thread Reply:* I see no obvious limitations. There's a paid tier for individuals but doesn't appear to limit groups.
Frustratingly they limit full group admin until there's 200 group members, so I can't set it up to mirror slack.
Here's the invite to the public group if you want to check it out (nothing really to see)
*Thread Reply:* I’ve also spun up a rocket.chat instance on my home server. That has no restrictions, and looks basically like a clone of slack. Of the 160k messages, slack exports about 60k from public channels, the rest is inaccessible which is a bummer
*Thread Reply:* Nice, are you saying that you’re willing to host this for all of us?
*Thread Reply:* Not on my home server.. but I'd host an instance on my VPS if RC looks promising
*Thread Reply:* Had a quick look - not bad plus there is a mobile app
*Thread Reply:* The ability to archive tonnes of useful info is a real plus
*Thread Reply:* I've dumped an export from slack while on the trial and disabled emails so I can do an import and test functionality without inviting 1600 folks to a localhost instance 😁
*Thread Reply:* Sounds promising although the debate is open as to whether or not the platform may become subscription based! Let’s just hope they don’t get greedy and start charging 😉
*Thread Reply:* Hopefully while it's self hosted that won't be the case..
*Thread Reply:* How to join? I tried mobilxperts.rocket.chat it says invalid...
*Thread Reply:* It's on a little VM in my house.. it's not yet ready for prime time mate!
I would suggest we need proper go-ahead from the community first anyway, since 2-3 people so far isn't many 😅
@Alessandro Piras has joined the channel
Anyone deployed Fasoo view DRMS app for iOS and Android via Intune?
I’m fiddling with plans again, don’t pay too much attention to the pro trial about to happen…
Considering many members don’t log in often, what’s the feeling on occasional Mobile Pros emails to members? 👍 or 👎 ? Use cases so far
• Newsletters
• Platform changes (should we migrate)
• Blog posts or podcasts (whenever they happen…)
*Thread Reply:* I'd say this could actually drive more traffic.
*Thread Reply:* Do we have any update on this? 🙂 New to this space and keen to see more ongoing discussions!
*Thread Reply:* It's on my list, I've been sidetracked over Christmas :)
Hello everyone, just joined so thought I would say hi!
Hello @Andy Halkyard! Welcome to the most magical place on Slack! 😆
@Jere Kuja-Penttilä has joined the channel
I want to create a podcast under the group called Mobile Prose and I don't think I can be convinced it's not the best name ever
*Thread Reply:* I would also like to propose maybe bi weekly catch-ups on clubhouse or any group audio discussion platforms to brainstorm on some common topics and ideas...
*Thread Reply:* Eager to hear this podcast. I've always been surprised at the lack of mobility-related podcasts, but I'm just not chatty enough to go start one. Who better than Jason!?
*Thread Reply:* Is that a rhetorical question? Because I think there are many folks better known for not waffling like an iHop at breakfast as I do 😂
*Thread Reply:* rhetorical indeed! i'd rather hear a waffling SME (with syrup) than a bland egg
*Thread Reply:* Seems like this community could give you tons of content. Just refer to all the most common questions and make an episode about it. The challenge would be making it appealing to the widest audience - IT decision makers who don't actually understand mobility, as well as the mobility admins who have only touched one kind of MDM (most).
https://openai.com/blog/chatgpt/
*Thread Reply:* Anybody given this a whirl yet? I’ve put it to the test a bit today and have been pleasantly surprised with some of the answers
*Thread Reply:* Yeah this thing is wild. Not perfect, but it gives me a run for my money on a lot of topics 😂
*Thread Reply:* I think what's scary is the confidence level that it delivers some of the answers with
*Thread Reply:* You can respond back and say “that’s not true, actually…” and it will say “yeah, you’re right”
*Thread Reply:* I saw that with a sea mammal question on twitter last night
*Thread Reply:* You can have it write all your articles for bayton.org now! ha
*Thread Reply:* I was gonna say actually I'm probably out of a job now 😂
*Thread Reply:* Some of the comments on here are hilarious 😂 seems the ChatGPT servers are currently experiencing high traffic!
Is there an option to retrieve appconfig xml file of an iOS app so that we can push it via Intune. We need to deploy Mimecast Mobile app as managed (Ikey is available android) via Intune. Mimecast support says they do not support Intune deployment so they can't help in this regard. Is there an option to get the configuration values so that we can deploy via Intune without the help from Mimecast support team? https://community.mimecast.com/s/article/Mimecast-Mobile-Deploying-via-Enterprise-Mobility-Management-EMM-Solutions-612908088?r=1091&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
A silly or may be funny one…
I am struggling to use multiple machines with keyboards, mouse and touch pads… I am trying to search in Google but is there a keyboard mouse combo anybody already using or any open suggestions where I can connect 2 macs, 1 Win or 3 Win, 1 mac - such similar combos at the same time and use them ???!!! 😄
*Thread Reply:* Use a logitech multi-device product, such as the mx line. They are great.
*Thread Reply:* I use the Logitech MX Keys and MX Master 3 for almost two months now, connected to a Macbook Pro and to a Windows Desktop PC at the same time, works perfect. I still got one slot open to connect a third device, like an iPad for instance, so I highly recommend Logitech for this.
*Thread Reply:* I second the Logitech MX keys and Master suggestion. Works great with Mac and Windows. Is limited to three devices though.
*Thread Reply:* MX keys here also. Multi device switch is so simple and it just works!
@David Arvidsson has joined the channel
*Thread Reply:* Merry Christmas Jason and everyone :happy_christmas:
*Thread Reply:* Merry Christmas and a Happy New Year guys! 🙂
*Thread Reply:* And a Happy New Year to you sir!
@Will Bergan has joined the channel
Happy New Year Everyone ..
@Jeff Hernandez has joined the channel
@Geoffery Castro has joined the channel
Hey folks, does anyone here sell MDM services on a per-device basis? If so would you be willing to act as an advisory consultant and be fairly compensated for it? Looking for presales engineers or anyone who can help me to better scope the per device engagements. Trying to better understand how to define SLAs, service descriptions, and maybe learn some negotiation tactics. DM me if you can help or are interested.
@Walter Ariel Lozano has joined the channel
@Johannes Billgren has joined the channel
I got kicked out of Slack and I had to log in to all my workspaces individually… did anybody have the same problem?
@Jonathan Marcialis has joined the channel
@Johan Sjögren Magnusson has joined the channel
@jose rafael montes herrera has joined the channel
@Sriram Kakarala has joined the channel
@Jordan Philip has joined the channel
Hey buddies…
How do we install the JIRA app on a macOS desktop… rather than accessing it via a browser…
*Thread Reply:* They got rid of their Mac app back in mid 2022.. web is the only option. Not tried it but you could potentially try chrome/edge web apps if available on Mac as an alternative but basically the same thing as having the web page open basically
*Thread Reply:* No such apps… checked already… thank you…
@Jorge Bayán has joined the channel
@Zorayda Gutiérrez Montes has joined the channel
@Michael Bergmeier has joined the channel
@Andreas Bahlke has joined the channel
@Eamonn O'Connor has joined the channel
@Josh Schofield has joined the channel
@Walter Schuetz Junior has joined the channel
@Thomas Hauber has joined the channel
@Siddharth Naithani has joined the channel
Good morning everyone, I am looking at some forward strategies on improving our mobile fleet within Intune. What are some ideas that some of the other companies around are doing to make their mobile devices more efficient within the Intune platform or in general? I would love to pick some brains on this matter. Please feel free to reach out with any ideas. Some other areas would be some device analytics or telemetry as well.
Looking forward to hearing from any of you on this.
*Thread Reply:* Can you explain what do you mean by saying: "more efficient within the Intune platform or in general"? What are you expecting to see/have?
*Thread Reply:* Mainly trying to see what others are doing with the platform for their mobile fleet to see if we can improve the end user and admin experience.
*Thread Reply:* Check out the #microsoft_intune channel :)
*Thread Reply:* Thank you @Jason Bayton
@Avihai Naor Hershkovitz has joined the channel
Merry Christmas and Happy New Year to all, have a wonderful holiday season and here's to a wicked 2024 🌲🎉
Happy new year to all. Does anyone have knowledge of an office space management solution that includes features such as location change approval workflows and a reception kiosk for locating users on the floor?
*Thread Reply:* We use a SaaS based solution called AppSpace that I believe does all you’re looking for. Albeit we only use it for meeting room reservation and visitor management, I believe it can do your additional requirements
*Thread Reply:* @Ajay Patel Thanks Ajay, any specific reasons for choosing appspace for room booking over MTR panels?
*Thread Reply:* Wasn’t my decision but ultimately we use AppSpace for digital signage and visitor management also so made sense to keep it all centralised including room booking. As we have over 100+ offices globally the visuals offered by AppSpace were also a bonus. Allowing us to upload floor plans of sites and highlight where rooms are etc. They also integrate with all major vendors like Logitech Tap devices that we use outside rooms like the Teams panels but ensures we keep all meeting info in one place/app
*Thread Reply:* @mahiroux is goBright something you look for?
*Thread Reply:* I can recommend https://robinpowered.com/
@Patrick Bright has joined the channel
@Prathamesh Sahasrabuddhe has joined the channel
@Jesus Domingues has joined the channel
@Yannick Weijenberg has joined the channel
Feel free to find your preferred channels and get stuck in!
*Thread Reply:* Time to pick up some old habits, sometimes a reminder is enough 😉
@Gustavo Levandowski has joined the channel
@Jeremie Conrey has joined the channel
@Thibault Holley has joined the channel
@Joël Mentink has joined the channel
@Fernanda Guidolim has joined the channel
@Bruno Bavaresco has joined the channel
@Alexandre Beirith has joined the channel
@Felipe Gusberti has joined the channel
@Alexander Kozlowski has joined the channel
@Arthur PHOMMACHANH has joined the channel
@Nassim ZIHOUNE has joined the channel
@MAILLARD, Erik has joined the channel
👋 Hello
@Darius Russell has joined the channel
@Toby Sansome has joined the channel
@Aitor Gonzalez has joined the channel
@Nesrin Kalender has joined the channel
@Raja Banerjee has joined the channel
@Chris Butigieg has joined the channel
@Tristan Reckner has joined the channel
@Inbal Meshulam has joined the channel
@Patrick McGlynn has joined the channel
@Contemporary Home has joined the channel
Discover diverse job openings in innovative blockchain projects supported by OKX Ventures. At this time, we are actively seeking specialists to join our team. Visit our job board here to apply. https://okxgroup.notion.site/Job-Board-OKX-Ventures-85cfce928210436fa9075f9eb019e3d1
We are actively seeking specialists for positions such as: Development & Engineering (Blockchain Developers, Fullstack, Back-end, Mobile devs, PMs), Business & Strategy (BD, PM/PO, Analytics, Researches, Digital Asset Lead etc), Marketing (SMM, CMO). For inquiries regarding vacancies, please contact alex@okxgroup.online
Here are a couple of job openings: React Native Mobile Developer (Fintech and Web3) [USD 80K-110K] [Remote] Game Tester P2E [$30/-$60/h + bonus] [Remote] Web3 - Frontend Developer [USD 90K-110K] [Remote] Quality Assurance Specialist (QA) [USD 80K-90K] [Remote] Solidity Engineer / Blockchain Developer [USD 130K-150K] [Remote] Algorithmic Trader in Defi [USD 80K-110K] [Remote] [Part-time] Project Manager (DeFi, Crypto) [USD 170K-190K] [Remote] DeFi Research Analyst [USD 80K-100K] [Remote] Analytics Manager [USD 90K-120K] [Remote] Technical Business Development Lead [USD 220K-250K] [Remote] CMO (Blockchain, Crypto, NFT) [USD 110K-120K] [Remote] Blockchain Product Manager [USD 180K-200K] [Remote]
https://app.warp.dev/referral/M9EVDY
Anyone familiar with a time and attendance tracking solution that is suitable for in-person, virtual and hybrid corporate trainings?
Good morning all, we are looking to see if any organizations out there that are currently using or looking at mobile device analytics, device performance troubleshooting/reporting etc?
*Thread Reply:* Hey! Good morning. I'm interested also in that. As we are MDM provider, we have been improving our data lakes to look for patterns, etc. Would be nice to find people who already deal with this and how they extract value from that.
Just curiosity, why are you looking into that?
*Thread Reply:* Yes I use this frequently with either Zebra VIQF or SOTI XSight
Hey, y'all. My org is doing a fitness fitness. I would love to join. It's just doing what you do every day. It's a step challenge. Join the "Mind Over Miles Race" group on StepUp, a fun app for step challenges. Get the app and then tap this link. https://join.thestepupapp.com/BwR2
@Jacoba Jacqueline Hartnick has joined the channel
@channel good day! I sent out the following email to all members earlier, however many mailboxes rejected a mass mail, so here it is again:
> Hello!
>
> As you know, Mobile Pros has been a Slack community since its inception back in 2016. It has served us well as we’ve grown to a community of almost 1900
>
> With upcoming changes to Slack’s free tier however, and ongoing discussions about how we retain access to a lot of our historical messaging & information without having to pay thousands of pounds(/dollars/etc) to bring the Slack team up to a Pro (or better) tier, a move to another platform seems to make the most sense. Discord is currently leading as a suitable 1:1 replacement, where members can boost the community as individuals rather than under an all-encompassing subscription - but options are still available. Rocket.Chat is a free and open source platform heavily influenced by Slack, and others exist also; as long as there’s a data migration path, it’s in scope.
>
> It won’t be possible to undertake a complete migration, unfortunately. Slack only permits the export of public channel histories. Private messages will be lost in any way we go about this, and any private channels that aren’t converted to public will also unfortunately be left behind (I’ve asked Slack in the past and even if we bumped up to a paid license we still need permission from Slack for private export, they said no last time).
>
> So, for the request to you - if you have any private channels you’d like to be migrated over that are suitable to be temporarily made public, please head into your channel settings in the next week and switch them to public.
>
> If you’d like to chat about the migration, and provide input on where to go, tools to do so, etc, I’ve started a thread here - https://mobilxperts.slack.com/archives/CG7U0TYFJ/p1719571102746699
>
> Thanks to all of you for your contributions to the community so far; I’m hopeful this next phase will allow the community to better serve existing members, and new folks going forward.
>
> Catch you in-channel!
OK folks, I fell offline for a good several days with a chest infection so let this slip. Anyone with private channels wanting backup/transfer should ensure they’re made public today to be included in any migration.
*Thread Reply:* If you’re happy backing your own messages up, no worries 🙂
*Thread Reply:* When is the switch-over date? Discord I'm assuming?
*Thread Reply:* In the next week, discord seems to be the only contender. I'll attempt a data migration and if it works trigger invites 🤞